This will improve your firewall's performance
Install IPSET using:
yum install ipset ipset-devel -y
Update configuration file /etc/csf/csf.conf. Value for LF_IPSET needs to be set to 1 to get it enabled
Once its done go ahead and increase DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT values for example up to 3000
You may use the following sed command for that
sed -i -e 's/LF_IPSET = "0"/LF_IPSET = "1"/g' /etc/csf/csf.conf sed -i -e 's/DENY_IP_LIMIT = "100"/DENY_IP_LIMIT = "3000"/g' /etc/csf/csf.conf sed -i -e 's/DENY_TEMP_IP_LIMIT = "100"/DENY_TEMP_IP_LIMIT = "3000"/g' /etc/csf/csf.conf
This option allows you to use ipset v6+ for the following csf options:
CC_* and /etc/csf/csf.blocklist, /etc/csf/csf.allow, /etc/csf/csf.deny,
GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER
ipset will only be used with the above options when listing IPs and CIDRs.
Advanced Allow Filters and ***temporary blocks*** use traditional iptables