CSF future on DirectAdmin — Where do we stand 6 months after the shutdown?

[castris]

CSF future on DirectAdmin — Where do we stand 6 months after the shutdown?

It's been almost six months since Way to the Web shut down (August 31, 2025), and I think the DirectAdmin community deserves some clarity on the CSF situation.

Here's what we know so far:

• cPanel has acted. They announced a maintained GPLv3 fork back in November 2025, with auto-update migration scheduled for February 18, 2026. Clear timeline, clear commitment.
• DirectAdmin has not. CustomBuild still installs CSF via

  da build set csf yes

  , but there's no public statement about where those packages come from, who maintains them, or what happens next.

So the obvious question is: will DirectAdmin adopt the cPanel fork, or is there a separate plan?

Meanwhile, the community has moved. Several forks are actively maintained:

• Aetherinox/csf-firewall — Already at v15.08, active development, nftables support in progress, proper documentation at configserver.dev. This is my personal choice for production servers right now.
• Sentinel Firewall — Community-driven, backed by the OpenPanel team.
• Centmin Mod and Black-HOST maintain their own mirrors as well.

As sysadmins running DA in production, we need answers to three specific questions:

1. What is the current update source for CSF when installed via CustomBuild? Is it the original v15.00 frozen, the cPanel fork, or something else?
2. Is there a commitment to keep CSF as a first-class citizen in DirectAdmin, or should we expect a transition to firewalld/nftables with BFM as the only DA-integrated option?
3. Will DirectAdmin officially endorse or integrate one of the community forks? The Aetherinox fork in particular has shown serious commitment — signed releases, active bugfixes, and broad panel support (cPanel, DirectAdmin, CyberPanel, Webmin).

The silence is the problem. Those of us managing dozens of DA servers need to make infrastructure decisions now, not "early 2026 maybe." Every month without a clear answer is another month we're running security-critical software with no defined upstream.

I'd love to hear from the DA team, but also from fellow admins: what are you running today? Have you switched forks? Moved to an alternative stack entirely?

---

30 years in sysadmin. 65+ VPS across OVH and Hetzner. CSF on every single one. This matters.

 

[Ohm J]

It already fork by DA team.

 

[Marius B]

cPanel and DirectAdmin share the same parent company (WebPros). So the obvious question is: will DirectAdmin adopt the cPanel fork, or is there a separate plan?

DirectAdmin is not part of WebPros !

 

[Richard G]

cPanel has acted. They announced a maintained GPLv3 fork back in November 2025, with auto-update migration scheduled for February 18, 2026. Clear timeline, clear commitment.

DA was way before cPanel and cPanel did not even make it to the Februari 18 release as announced, so their RPM's will be updated later, see the corresponding thread at cPanel.

As you could have found on the forum, DA has forked only a few weeks after CSF stopped and also already has brought 2 minor updates.

1.) DA uses their own fork and already has version 15.02
2.) Not fully known yet, however without ipset the current CSF already works with nftables.
3.) Unknown yet, probably there will not be such big cooperation with others, which is also not to expect from other panels.

 

[DrWizzle]

I've been on the Configserver.dev discord channel for a few months and the community there is very active.

 

[castris]

DirectAdmin is not part of WebPros !

Where did I say they were part of WebPross?
It might be a misunderstanding because I'm not very fluent. I'm Spanish, and perhaps my English isn't perfect.

 

[castris]

Thank you all for the replies — very helpful.

@Richard G​

Good to know DA forked shortly after the shutdown and that 15.02 is already in CustomBuild. That answers the immediate concern about the update source.

A quick follow-up: is the DA fork available in a public repository? Right now we can see the result via da build csf, but not the source or the changelog. Having a repo would help with things like auditing changes, tracking what was patched, and keeping configurations consistent across servers.

For reference, cPanel published their fork on GitHub under GPLv3, and the community fork at Aetherinox/csf-firewall (also GPLv3, already at 15.08) has been quite active. Both allow users to see exactly what changed between versions.

@DrWizzle​

Good pointer on the Configserver.dev Discord — I'll check it out.

 

[Zhenmue]

cPanel and DirectAdmin share the same parent company (WebPros).

here you said it.

 

[castris]

Oops.. sorry. A terrible mistake. Edit.

 

[Richard G]

For reference, cPanel published their fork on GitHub under GPLv3,

I don't know about that, I only know that cPanel creates their own RPM's for it.
And that the official release for their version is moved to the 25th this month as you can read in their announcement (click) and uses their own update mirrors.

As for others... that is nice but can those be trusted? Who knows and it's only 1 person so if something happens.....
We will keep using the one DA will provide for DA servers and see how it develops in the future. No hurry for us as all is still working as designed.

 

[johannes]

.. and it's only 1 person so if something happens.....

Make me think at Typo3, which was also originally a 1-man-show

 

[zEitEr]

A quick follow-up: is the DA fork available in a public repository?

You can find and download a tar.gz file from here: https://files.directadmin.com/services/
A direct link to the latest version will be as the following:

https://files.directadmin.com/services/csf-15.05.tar.gz

 

[Sheldon]

Regardless of what version the DA version is at for CSF, we are owed an explanation of what fork it is. Is it DA proprietary, the cPanel one or the configserver.dev fork Aetherinox...

Do I need to upgrade it to the configserver.dev version? Questions we ask ourselves.

 

[floyd]

Regardless of what version the DA version is at for CSF, we are owed an explanation of what fork it is.

I think it has already been explained that DA maintains its own fork. I guess we could call it the DA fork.

 

[zEitEr]

Regardless of what version the DA version is at for CSF, we are owed an explanation of what fork it is. Is it DA proprietary, the cPanel one or the configserver.dev fork Aetherinox...

In order to answer this question you might download the last official release:

- https://files.directadmin.com/services/csf-14.24.tar.gz or
- https://files.directadmin.com/services/csf-15.00.tar.gz

and one modified and maintained by DirectAdmin:

- https://files.directadmin.com/services/csf-15.01.tar.gz
- https://files.directadmin.com/services/csf-15.02.tar.gz
- https://files.directadmin.com/services/csf-15.03.tar.gz
- https://files.directadmin.com/services/csf-15.04.tar.gz
- https://files.directadmin.com/services/csf-15.05.tar.gz

and compare them by files

Or/and see the changelog:

ChangeLog:

15.05 - Updated ssh log parsing patterns to support OpenSSH 9.8 and newer

15.04 - Removed set-uid binary wrapper from DirectAdmin plugin

15.03 - Removed surplus iframe for CSF plugin in directAdmin Evolution skin

Added `/usr/bin/bwrap` to the `csf.directadmin.pignore` file

Updated `csf.directadmin.conf` to use LF_INTEGRITY=0 and PT_LIMIT=0

15.02 - Revert to TESTING=1 in the default config

15.01 - Update LFD faied login detection to be compatible with Dovecot 2.4

Update default csf configuration for DirectAdmin installations

Update csf.c wrapper to be compatible with modern gcc

15.00 - Changed license to GPLv3

14.24 - Fixed regression bug in v14.23 "Modified UI HTTP header checks to be
case agnostic"

You might see the tracking-changes-only repository here: https://github.com/poralix/da-csf/

 

[itcms]

You need to understand that CSF is no longer a reliable solution. It faces significant challenges, especially with modern kernels and compatibility issues with nftables and ipv6 cases. At this point, you should consider more mature solutions or experimental alternatives. CSF’s usability is under serious pressure, and its level of protection is now essentially equivalent to Fail2Ban—while being easier to use mainly for amateur users.