csf.deny ip address deny limit
Hello,
As we know, the IP address deny file csf.deny is limited to 1000 IPs.
Lately I have had massive attacks from over a thousand IP addresses. My question is: can I set the IP address deny limit in csf.deny to more than 1000 IPs?
Thank you
Re: csf.deny ip address deny limit
Short answer is yes.
The 1K limit is a suggested maximum value.
Re: csf.deny ip address deny limit
I thought that having a list that is too big impacts server performance? True?
Isn't the default setting only like 100 IPs for temp and 200 IPs for perm?
Re: csf.deny ip address deny limit
# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be
# important as a large number of IP addresses create a large number of iptables
# rules (4 times the number of IP's) which can cause problems on some systems
# where either the number of iptables entries has been limited (esp VPS's)
# or where resources are limited. This can result in slow network performance,
# or, in the case of iptables entry limits, can prevent your server from
# booting as not all the required iptables chain settings will be correctly
# configured. The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting
Re: csf.deny ip address deny limit
The default setting for permanently blocked IPs is 1000. I have a good enough spec for my VPS (Xeon E5 6 core HT, 32GB RAM, 3TB SATA III RAID 1), but I still didn't have the guts to put more than 1K blocked IPs in it.
Meanwhile intrusion alerts from LFD keep coming every day.
Re: csf.deny ip address deny limit
Ovan, where do you see that the perm block default is 1000? The perm block default is 200 and temporary is 100 in CSF.
Re: csf.deny ip address deny limit
I mean the firewall IP deny limit; by default it can't be more than 1000 IP addresses denied:
"csf.deny, the IP address deny file (Currently: 907 permanent IP bans)"
Re: csf.deny ip address deny limit
I've put over 10K IPs in several text files and included them in the csf.deny file on several cPanel servers for more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vCPUs. I am afraid to add more IPs to iptables.
Re: csf.deny ip address deny limit
puppet wrote: I've put over 10K IPs in several text files and included them in the csf.deny file on several cPanel servers for more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vCPUs. I am afraid to add more IPs to iptables.
How do I put more than 1K IPs in csf.deny? Because I saw in the csf cPanel plugin that it is only 1K, and if any other IPs get blocked, it will remove the oldest blocked IPs.
Re: csf.deny ip address deny limit
ovan wrote:
puppet wrote: I've put over 10K IPs in several text files and included them in the csf.deny file on several cPanel servers for more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vCPUs. I am afraid to add more IPs to iptables.
How do I put more than 1K IPs in csf.deny? Because I saw in the csf cPanel plugin that it is only 1K, and if any other IPs get blocked, it will remove the oldest blocked IPs.
You don't need to put all the IPs in one file. You can put those IPs in a separate file and then add an Include to csf.deny as follows:
Include /path_to_ip_file/blacklistip.txt
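As an added example (not code from the thread or from csf itself), the script below reads a csf.deny-style file, follows its Include lines, and reports how many entries sit directly in csf.deny (the ones the DENY_IP_LIMIT rotation described in the csf.conf comment above can drop), how many come from included files, and the rough iptables rule count using the "4 times the number of IPs" figure quoted from csf.conf. It assumes the simple line format seen in this thread (one IP or CIDR per line, optional "# comment", "Include /path"); the sample files it builds are constructed for the demo.

```python
import ipaddress
import os
import tempfile

def load_deny(path, _seen=None):
    """Return (own, included): 'own' entries are written directly in this file and
    are the ones DENY_IP_LIMIT rotation can remove; 'included' arrive via Include."""
    _seen = set() if _seen is None else _seen
    real = os.path.realpath(path)
    if real in _seen:                       # guard against an Include loop
        return [], []
    _seen.add(real)
    own, included = [], []
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue                    # blank or comment-only line
            if line.lower().startswith("include "):
                sub_own, sub_inc = load_deny(line.split(None, 1)[1].strip(), _seen)
                included.extend(sub_own + sub_inc)
                continue
            addr = line.partition("#")[0].strip()   # drop trailing '# comment'
            try:
                ipaddress.ip_network(addr, strict=False)   # plain IPs and CIDRs only
            except ValueError:
                continue                    # skip lines this simple parser cannot read
            own.append(addr)
    return own, included

def check_limit(path, deny_ip_limit=200, rules_per_entry=4):
    """Summarise a deny list against DENY_IP_LIMIT (0 means unlimited, as in csf.conf)."""
    own, included = load_deny(path)
    total = len(own) + len(included)
    return {
        "own": len(own), "included": len(included), "total": total,
        "estimated_iptables_rules": total * rules_per_entry,
        "over_limit_by": max(0, len(own) - deny_ip_limit) if deny_ip_limit else 0,
    }

def demo():
    """Constructed sample: 5 direct entries plus one malformed line, 4 via Include, limit 4."""
    blk = os.path.join(tempfile.mkdtemp(), "blacklistip.txt")
    with open(blk, "w") as fh:
        fh.write("# constructed blacklist\n10.0.0.0/24\n192.0.2.1\n192.0.2.2\n198.51.100.7 # scanner\n")
    deny = os.path.join(os.path.dirname(blk), "csf.deny")
    with open(deny, "w") as fh:
        fh.write("203.0.113.1 # lfd: (sshd) Failed logins\n203.0.113.2\n203.0.113.3\n"
                 "203.0.113.4\n203.0.113.5\nnot-an-ip\nInclude " + blk + "\n")
    return check_limit(deny, deny_ip_limit=4)
```

Run `check_limit("/etc/csf/csf.deny", deny_ip_limit=<your DENY_IP_LIMIT>)` on a real server to see how close the directly listed entries are to rotating and how many iptables rules the full list is expected to produce.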