How to configure firewall on CentOS cPanel server to use IPSET

917  admin  

This will improve your firewall's  performance

Install IPSET using:

yum install ipset ipset-devel -y

Update configuration file /etc/csf/csf.conf. Value for LF_IPSET needs to be set to 1 to get it enabled

Once its done go ahead and increase DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT values for example up to 3000

You may use the following sed command for that

sed -i -e 's/LF_IPSET = "0"/LF_IPSET = "1"/g' /etc/csf/csf.conf
sed -i -e 's/DENY_IP_LIMIT = "100"/DENY_IP_LIMIT = "3000"/g' /etc/csf/csf.conf
sed -i -e 's/DENY_TEMP_IP_LIMIT = "100"/DENY_TEMP_IP_LIMIT = "3000"/g' /etc/csf/csf.conf

Similar Posts:

One comment on “How to configure firewall on CentOS cPanel server to use IPSET

  1. This option allows you to use ipset v6+ for the following csf options:
    CC_* and /etc/csf/csf.blocklist, /etc/csf/csf.allow, /etc/csf/csf.deny,
    GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER

    ipset will only be used with the above options when listing IPs and CIDRs.

    Advanced Allow Filters and ***temporary blocks*** use traditional iptables

    Reply

Leave a Reply to Craig Ansell Cancel reply

Your email address will not be published. Required fields are marked *