🐧 VistoShield
Server Edition

The modern replacement for CSF/LFD. Protect your Linux server with a powerful firewall daemon featuring nftables, login failure detection, bot blocking, country restrictions, and IP reputation — all without any cloud dependency.

Get Started → Compare to CSF

From €149/server/year. GPL-2.0 license.

Server Security Features

Everything you need to protect your Linux server, built into a single daemon.

🔥

Dual Firewall Backend

Native nftables support with automatic iptables/ip6tables fallback. VistoShield detects your kernel capabilities and uses the best available backend. SYN flood protection, connection tracking, and ICMP rate limiting are built in. Switch backends without changing your configuration.

🔍

Login Failure Detection

Monitors 9 services in real time: SSH, FTP, POP3, IMAP, SMTP, DirectAdmin, cPanel, Webmin, and ModSecurity. Configurable per-service thresholds with automatic temporary or permanent blocking. Progressive lockout intervals prevent repeated offenders.

🤖

Bot Detection & Rate Limiting

143+ bot signatures with a behavioral scoring engine that rates each visitor from 0 to 100. rDNS verification ensures real search engine bots pass through. Block, challenge, or monitor suspicious traffic. Per-IP rate limiting prevents resource abuse.

🌍

Country Blocking

CC_DENY and CC_ALLOW directives let you block or allow entire countries with a single config line. CIDR lists are automatically downloaded and updated. Supports both IPv4 and IPv6 country ranges. Compatible with CSF country blocking syntax.

📊

IP Reputation

FireHOL integration with auto-updated blocklists from multiple threat intelligence sources. Known malicious IPs are automatically detected and rate-limited or blocked at the firewall level before they reach your applications.

🛡️

Port & Connection Management

Fine-grained TCP and UDP port filtering with separate allow lists for incoming and outgoing traffic. ss-based IPv6-aware connection monitoring tracks connections per IP. Configurable connection limits prevent resource exhaustion.

🧪

Testing Mode

Enable testing mode to safely experiment with firewall rules without risk of locking yourself out. Rules are automatically cleared after a configurable interval (default: 5 minutes). Essential for remote server administration.

📡

Full IPv6 Support

Complete IPv6 support across all features: blocking, whitelisting, CIDR matching, country ranges, and connection tracking. No half-measures — IPv6 is treated as a first-class citizen throughout the entire codebase.

Control Panel Support

Manage VistoShield from your favorite hosting control panel.

DirectAdmin

Full admin and user-level plugin with real-time dashboard, firewall settings, blocked IP management, allow/deny lists, bot signature editor, and live log viewer. Admin-level server-wide controls and per-user account protection.

Available

Webmin

Complete Webmin module with configuration editor, blocked IP management, signature management, deny list editor, and service status monitoring. Integrates natively with Webmin's interface and authentication.

Available

cPanel / WHM

WHM plugin for server-wide firewall management across all accounts. cPanel interface for individual account protection, IP management, and security event monitoring.

Coming Soon

How It Works

Deploy in minutes. No cloud dependency. Everything runs on your server.

1

Install

One command installs VistoShield on your Linux server. The installer detects your OS, installs dependencies, sets up the daemon, and configures your firewall backend automatically.

curl -fsSL https://vistoshield.com/install.sh | bash
2

Configure

Edit vistoshield.conf directly or use the DirectAdmin/Webmin control panel plugin. Enable features, set LFD thresholds, add trusted IPs, configure country blocking, and tune bot detection sensitivity.

3

Monitor

Real-time dashboard shows firewall status, blocked IPs, and security events. Configure email alerts for critical events. Receive daily security reports with attack summaries and recommendations.

Why Switch from CSF?

VistoShield is the modern, actively maintained alternative to ConfigServer Security & Firewall.

Feature CSF/LFD VistoShield
nftables supportLimitedFull native support with automatic fallback
IPv6PartialComplete (blocking, whitelisting, CIDR)
Bot detectionNone143+ signatures + behavioral scoring
WordPress integrationNone5 dedicated security plugins via socket
Country blockingYesYes (auto-updated CIDR lists, IPv4 + IPv6)
IP reputationBasicFireHOL + multi-source threat intelligence
Connection trackingYesss-based, IPv6 aware, per-IP limits
Web UIcPanel/WHM onlyDirectAdmin + Webmin + cPanel
Testing modeManualAuto-clear with configurable interval
Active developmentSlowActive (2024+), open source

Server Pricing

Choose the plan that fits your needs.

Server Edition

149 /server/year
  • Full CLI + GUI panels (DirectAdmin, Webmin & cPanel)
  • Priority signature updates
  • Auto-updates
  • Email & ticket support
  • CSF migration wizard
Get Server Edition

Volume discount: €119/server/year for 5+ servers

30-day money-back guarantee

Get Started

Install VistoShield Server Edition in under a minute.

Quick Install

curl -fsSL https://vistoshield.com/install.sh | bash

Supported OS: Ubuntu 22.04+, Debian 12+, AlmaLinux 8+, CentOS Stream 9+

Requirements: Root access, systemd, nftables or iptables

What Happens Next

The installer will:

  • ✅ Detect your OS and firewall backend
  • ✅ Install the VistoShield daemon
  • ✅ Configure default firewall rules
  • ✅ Start the LFD and bot detection services
  • ✅ Set up log rotation and email alerts

Need the WordPress plugins too? Explore WordPress Edition →