CSF future on DirectAdmin — Where do we stand 6 months after the shutdown?

[castris]

CSF future on DirectAdmin — Where do we stand 6 months after the shutdown?

It's been almost six months since Way to the Web shut down (August 31, 2025), and I think the DirectAdmin community deserves some clarity on the CSF situation.

Here's what we know so far:

• cPanel has acted. They announced a maintained GPLv3 fork back in November 2025, with auto-update migration scheduled for February 18, 2026. Clear timeline, clear commitment.
• DirectAdmin has not. CustomBuild still installs CSF via

  da build set csf yes

  , but there's no public statement about where those packages come from, who maintains them, or what happens next.

So the obvious question is: will DirectAdmin adopt the cPanel fork, or is there a separate plan?

Meanwhile, the community has moved. Several forks are actively maintained:

• Aetherinox/csf-firewall — Already at v15.08, active development, nftables support in progress, proper documentation at configserver.dev. This is my personal choice for production servers right now.
• Sentinel Firewall — Community-driven, backed by the OpenPanel team.
• Centmin Mod and Black-HOST maintain their own mirrors as well.

As sysadmins running DA in production, we need answers to three specific questions:

1. What is the current update source for CSF when installed via CustomBuild? Is it the original v15.00 frozen, the cPanel fork, or something else?
2. Is there a commitment to keep CSF as a first-class citizen in DirectAdmin, or should we expect a transition to firewalld/nftables with BFM as the only DA-integrated option?
3. Will DirectAdmin officially endorse or integrate one of the community forks? The Aetherinox fork in particular has shown serious commitment — signed releases, active bugfixes, and broad panel support (cPanel, DirectAdmin, CyberPanel, Webmin).

The silence is the problem. Those of us managing dozens of DA servers need to make infrastructure decisions now, not "early 2026 maybe." Every month without a clear answer is another month we're running security-critical software with no defined upstream.

I'd love to hear from the DA team, but also from fellow admins: what are you running today? Have you switched forks? Moved to an alternative stack entirely?

---

30 years in sysadmin. 65+ VPS across OVH and Hetzner. CSF on every single one. This matters.

 

[Ohm J]

It already fork by DA team.

 

[Marius B]

cPanel and DirectAdmin share the same parent company (WebPros). So the obvious question is: will DirectAdmin adopt the cPanel fork, or is there a separate plan?

DirectAdmin is not part of WebPros !

 

[Richard G]

cPanel has acted. They announced a maintained GPLv3 fork back in November 2025, with auto-update migration scheduled for February 18, 2026. Clear timeline, clear commitment.

DA was way before cPanel and cPanel did not even make it to the Februari 18 release as announced, so their RPM's will be updated later, see the corresponding thread at cPanel.

As you could have found on the forum, DA has forked only a few weeks after CSF stopped and also already has brought 2 minor updates.

1.) DA uses their own fork and already has version 15.02
2.) Not fully known yet, however without ipset the current CSF already works with nftables.
3.) Unknown yet, probably there will not be such big cooperation with others, which is also not to expect from other panels.

 

[DrWizzle]

I've been on the Configserver.dev discord channel for a few months and the community there is very active.

 

[castris]

DirectAdmin is not part of WebPros !

Where did I say they were part of WebPross?
It might be a misunderstanding because I'm not very fluent. I'm Spanish, and perhaps my English isn't perfect.

 

[castris]

Thank you all for the replies — very helpful.

@Richard G​

Good to know DA forked shortly after the shutdown and that 15.02 is already in CustomBuild. That answers the immediate concern about the update source.

A quick follow-up: is the DA fork available in a public repository? Right now we can see the result via da build csf, but not the source or the changelog. Having a repo would help with things like auditing changes, tracking what was patched, and keeping configurations consistent across servers.

For reference, cPanel published their fork on GitHub under GPLv3, and the community fork at Aetherinox/csf-firewall (also GPLv3, already at 15.08) has been quite active. Both allow users to see exactly what changed between versions.

@DrWizzle​

Good pointer on the Configserver.dev Discord — I'll check it out.

 

[Zhenmue]

cPanel and DirectAdmin share the same parent company (WebPros).

here you said it.

 

[castris]

Oops.. sorry. A terrible mistake. Edit.