MediaCP Manual
    1. Getting Started
    2. Sales Questions
    3. Frequently Asked Questions
    4. Transcoder System Benchmarks
    5. Start your own streaming platform
    1. Change account currency
    2. Product Licensing
    1. Introduction
    2. Installation & Upgrade
      1. System Requirements
      2. Versions & Releases
      3. Installation
      4. Upgrading
      5. Streaming Servers
        1. Nginx-Rtmp Video Server
        2. Wowza Streaming Engine
        3. Flussonic Media Server
        4. Video Feature Comparison
        5. Icecast 2 / Icecast KH
        6. Shoutcast 2
      6. SSL Certificates
    3. Billing Integration
      1. WHMCS Integration Guide
      2. Clientexec Integration Guide
      3. Blesta Integration Guide
      4. WiseCP Integration Guide
      5. Billing Platform Comparision
    4. Migrate from other software
      1. Migrate From Centovacast
      2. Migrate From AzuraCast
    5. Backup & Restoration
      1. Backup MediaCP
      2. Restore MediaCP
      3. Transfer to another server
    6. Administration
      1. MediaCP System Commands
      2. Admin Tools
      3. Custom Web Service Configurations
      4. Change MediaCP domain name
      5. Port 80 / 443 Proxy
      6. Move media to another hard disk
      7. Custom Language Translations
      8. Custom Facebook App
      9. Branding Your Panel
      10. Secure your server
      11. Setup CSF Firewall
      12. Troubleshooting Login Errors
      13. Reset Admin Password
    7. Scaling
      1. Scale with Wowza and CloudFront CDN
      2. Nginx-Rtmp with CloudFront CDN
      3. Nginx-Rtmp with CDN Proxy
    8. Troubleshooting
      1. Grant access to support team
      2. Troubleshooting Wowza Streaming Engine
      3. FTP Troubleshooting
      4. MySQL Database Troubleshooting
      5. Reporting Troubleshooting
      6. Troubleshooting Liquidsoap AutoDJ
      7. Video Relay Troubleshooting
      8. Disk Troubleshooting
    1. Introduction
    2. Administrators Dashboard
    3. System Configuration
      1. General
      2. Services
      3. Video Players
      4. Albums
      5. Email
      6. Plugins
      7. Statistics
      8. Backups
      9. Custom HTML
      10. Misc
    4. Customer Accounts
      1. Managing existing Customers
      2. Create a new Customer
      3. Deleting a Customer
      4. Login as another Customer
      5. Send email to Customer
      6. Reset Customer Password
    5. Reseller Accounts
      1. Reseller Plans
      2. Create a Reseller Account
    6. Administrator Accounts
      1. Create a new Administrator
    7. Media Services
      1. Creating a Media Service
      2. Deleting a Media Service
    8. Announcements
      1. Managing Announcements
      2. Creating Announcement
      3. Deleting Announcement
    9. Statistics
    10. Software Health
    11. Software Updates
    12. Email Templates
    13. API
    1. Introduction
    2. Audio Operation Manual
      1. Basics 101
      2. Station Overview
      3. Media Library
      4. Playlists
        1. General Rotation
        2. Jingles & Advertising
        3. Scheduling
        4. Repeat Protection
      5. Live DJ Connections
      6. Live Stream Recording
      7. DJ Manager
      8. Country Blocking
      9. Fallback, Backup and Intro Files
      10. Stream Proxy
      11. AutoDJ Crossfade
      12. Public Page
      13. HTML5 Player
      14. Stream Authentication
      15. Widgets & Links
      16. Reporting
    3. Video Operation Manual
      1. Basics 101
      2. Service Overview
      3. Scheduling
      4. File Manager
      5. Streaming to Your Service
      6. Stream Targets
      7. GeoIP Country Locking
      8. Public Page
      9. Widgets & Links
      10. Reporting
    4. Reseller Operations Manual
      1. Reseller Dashboard
      2. Customers
      3. Media Services
    5. API
    1. Custom Domain Names
    2. Shoutcast 2 Admin Guide
    3. Wowza and Flussonic on same system
    4. Submit a feature request
    1. Getting started with Audio Streaming
    2. Icecast Live Broadcasting
    3. Shoutcast 2 Live Broadcasting
    4. Broadcasting with AutoDJ
    5. DJ Accounts
    6. GeoIP Country Locking
    7. HTML5 Audio Player
    8. Mount Points
    9. Managing Your Media
    10. Managing Media Using FTP
    11. Statistics
    12. Shoutcast 2 Premium
    1. Getting started with video streaming
    2. Live Streaming Overview
    3. TV Station Overview
    4. Ondemand Video Streaming
    5. Relay & IP Camera
    6. Stream Recording
    7. GeoIP Country Locking
    8. VAST Advertising
    9. Connecting your encoder
    10. Preparing Your Media Files
    11. Managing Media Using FTP
    12. Understanding Video Playlists
    13. Embedding player on your website
    14. Smooth Streaming and Content Transition
    15. Video Transcoding (Adaptive Bitrate Streaming)
    16. Stream Watermark​
    17. Statistics
    18. DVR Rewind
    19. Facebook Live Streaming
    20. Youtube Stream Publishing
    21. Twitch Stream Publishing
    22. Shoutcast 2 Stream Publishing
    23. Icecast Stream Publishing
    24. RTMP Stream Publishing
    1. Cloud Video Overview
    2. Admin Manual - Cloud Video
      1. Login to your cloud platform
      2. Dashboard - A First Look
      3. Branding your platform
      4. Team & Staff Members
      5. Plans & Customers
      6. WHMCS Billing Provisioning Module
      7. Activating VOD on Customer Plan
      8. API
    3. User Manual - Cloud Video
      1. Login to your video platform
      2. First Look
      3. Creating a Channel
      4. Channel Overview
      5. Broadcasting
      6. Recording
      7. Media Content
      8. Live Events
      9. Fallback Video
      10. 30 Minute Rewind
      11. TV Channels - 24x7 UGC
        1. TV Event Scheduling
        2. Channel Guide Widgets
      12. Relay Channels
      13. Video on Demand
      14. VOD Playlists
      15. Publishing
      16. Viewing Analytics
      17. Bandwidth Utilisation
      18. Publish Zoom Meetings
      19. Advertising
      20. Restreaming IP Cameras
    4. Video Guide Series
    5. Streaming Best Practices
    6. Feature Comparison
    7. Roadmap & Release Notes
Setup CSF Firewall

Last updated 3 months ago

Having a firewall setup on your server is an important step to keep your server and customers secure. This page will go through the steps to install and configure CSF to work with the Media Control Panel.

Many systems come with a firewall already installed, CentOS typically uses firewalld and Debian typically uses ufw.  We recommend and have created this guide for ConfigServer Security & Firewall (CSF). CSF is a powerful and feature rich firewall and security solution.

It is important to note before installing any firewall, please check our system requirements to make sure you don’t accidentally block MediaCP services that require internet access.

Once setup we also recommend you configure your firewall to secure your SSH port

Install ConfigServer Security & Firewall

1. Login to your server as root

It is required that you login to the server as a root user to install ConfigServer Security & Firewall (CSF).

2. Download ConfigServer Security & Firewall

wget https://download.configserver.com/csf.tgz

3. Uncompress csf.tgz

tar -xzf csf.tgz

4. Disable existing firewall

If using an existing firewall such as ufw it is important that it is disabled

ufw disable

5. Install firewalld if necessary

If firewalld is not installed it may be neccessary to install it 

apt install firewalld

6. Install CSF

  • Move into the csf directory
cd csf
  • Run the install script
sh install.sh

Configure ConfigServer Security & Firewall

Now that CSF is installed you will need to configure it to allow the ports used by the Media Control Panel and your media services

1. Use nano to open the csf.conf file

nano /etc/csf/csf.conf

Allow the incoming and outgoing ports relevant to your panel, the image below is configured to work with the panel, Audio services, AutoDJ, and Nginx-Rtmp. Your configuration will vary based on the media services you use.

It is required that your server have the following ports available to operate the MediaCP:

  • Main web GUI – 2020
  • AutoSSL – 80
  • FTP server access – 2121, 50000 – 51000

Additional ports are required to run various media services:

  • Audio Services (Shoutcast 1/2 & Icecast) – 8000-9000, 10000-11000 (Icecast SSL/NON-SSL support)
  • AutoDJ Live Streaming Port – 6800-7000
  • Wowza Streaming Engine – TCP 554, 1935, 1936, 8084, 8086, 8089 & UDP 554
  • Flussonic Media Server – TCP 554, 1935, 3308, 8080, 8081
  • Nginx Free Video Server – TCP 19350, 19360

2. Save changes

Once you have configured your ports save the file with Ctrl+X and typing y in order to save your changes.

3. Apply the configuration changes by restarting CSF

csf -r

The firewall should now be active with the ports you opened working in testing mode. You can now test to confirm that everything is working and accessible.

4. Disable testing mode

If everything is now working, you can disable testing mode by opening the configuration file once more:

nano /etc/csf/csf.conf

At the top of the configuration file you should see the TESTING setting set to 1. Changing this to 0 as shown below will disable testing mode:

TESTING = "0"

Once again save the file with Ctrl+X and typing y in order to save your changes, then restart CSF a final time to apply the change:

csf -r

Congratulations you now have ConfigServer Security & Firewall installed and running! From here you can continue to configure CSF by blocking IP access to your SSH or securing your server in other ways. We have a dedicated page for securing your server that you can read through here: 

Table of Contents