csf.deny ip address deny limit

ovan
Junior Member
Posts: 9
Joined: 09 Feb 2014, 12:03
Location: Jakarta

csf.deny ip address deny limit

Post by ovan »

Hello,

As we know, the IP address deny file csf.deny is limited to 1000 IPs.
Lately I have had massive attacks from over a thousand IP addresses. My question is: can I set the IP address deny limit in csf.deny to more than 1000 IPs?

Thank you
sawbuck
Junior Member
Posts: 366
Joined: 10 Dec 2006, 16:20

Re: csf.deny ip address deny limit

Post by sawbuck »

Short answer is yes.

The 1K limit is a suggested maximum value.
krazykatz911
Junior Member
Posts: 19
Joined: 12 Feb 2014, 14:37

Re: csf.deny ip address deny limit

Post by krazykatz911 »

I thought that having a list too big impacts server performance? True?

Isn't the default setting only like 100 IPs for temp, and 200 IPs for perm?
krazykatz911
Junior Member
Posts: 19
Joined: 12 Feb 2014, 14:37

Re: csf.deny ip address deny limit

Post by krazykatz911 »

# Limit the number of IP's kept in the /etc/csf/csf.deny file. This can be
# important as a large number of IP addresses create a large number of iptables
# rules (4 times the number of IP's) which can cause problems on some systems
# where either the number of iptables entries has been limited (esp VPS's)
# or where resources are limited. This can result in slow network performance,
# or, in the case of iptables entry limits, can prevent your server from
# booting as not all the required iptables chain settings will be correctly
# configured. The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting
ovan
Junior Member
Posts: 9
Joined: 09 Feb 2014, 12:03
Location: Jakarta

Re: csf.deny ip address deny limit

Post by ovan »

The default setting for perm blocked IPs is 1000. I have a good enough spec for my VPS (Xeon E5 6 core HT, 32GB RAM, 3TB SATA III RAID 1), but I still didn't have the guts to put in more than 1K blocked IPs.
Meanwhile intrusion alerts from LFD keep coming every day.
krazykatz911
Junior Member
Posts: 19
Joined: 12 Feb 2014, 14:37

Re: csf.deny ip address deny limit

Post by krazykatz911 »

Ovan, where do you see that the perm block default is 1000? The Perm Block default is 200 and Temporary is 100 in CSF.
ovan
Junior Member
Posts: 9
Joined: 09 Feb 2014, 12:03
Location: Jakarta

Re: csf.deny ip address deny limit

Post by ovan »

I mean the firewall IP deny limit; by default it can't be more than 1000 IP addresses denied:
"csf.deny, the IP address deny file (Currently: 907 permanent IP bans)"
puppet
Junior Member
Posts: 22
Joined: 04 Apr 2012, 00:10

Re: csf.deny ip address deny limit

Post by puppet »

I've put over 10K IPs in several text files and included them in the csf.deny file on several cPanel servers for more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vCPUs. I am afraid to add more IPs to iptables.
ovan
Junior Member
Posts: 9
Joined: 09 Feb 2014, 12:03
Location: Jakarta

Re: csf.deny ip address deny limit

Post by ovan »

puppet wrote: I've put over 10K IPs in several text files and included them in the csf.deny file on several cPanel servers for more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vCPUs. I am afraid to add more IPs to iptables.
How do I put more than 1K IPs in csf.deny?
Because I saw in the csf cPanel plugin it is only 1K, and if any other IPs get blocked, it will remove the oldest blocked IPs.
puppet
Junior Member
Posts: 22
Joined: 04 Apr 2012, 00:10

Re: csf.deny ip address deny limit

Post by puppet »

ovan wrote:
puppet wrote: I've put over 10K IPs in several text files and included them in the csf.deny file on several cPanel servers for more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vCPUs. I am afraid to add more IPs to iptables.
How do I put more than 1K IPs in csf.deny?
Because I saw in the csf cPanel plugin it is only 1K, and if any other IPs get blocked, it will remove the oldest blocked IPs.
You don't need to put all the IPs in one file. You can put those IPs in a separate file and then add an include to csf.deny as follows:

Include /path_to_ip_file/blacklistip.txt
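Added example, not csf's own code and not from anyone in this thread: a small Python checker that follows Include lines like the one above, counts the distinct IP/CIDR entries, and estimates the iptables rule load using the "4 times the number of IP's" figure from the DENY_IP_LIMIT comment quoted earlier. It assumes csf.deny lines are of the form "IP_or_CIDR # comment", "# comment" or "Include /path" (other csf entry syntaxes are skipped), and the sample file contents and paths are constructed.

```python
import ipaddress
import re

RULES_PER_ENTRY = 4  # figure from the DENY_IP_LIMIT comment in csf.conf
INCLUDE_RE = re.compile(r"^Include\s+(\S+)$")

def parse_deny_file(path, read_file, seen=None):
    """Distinct IP/CIDR entries reachable from `path`, following Include lines.
    read_file(path) -> file text or None if missing. Assumed line forms:
    'IP_or_CIDR # note', '# comment', 'Include /path'; anything else is skipped."""
    seen = set() if seen is None else seen
    entries = set()
    if path in seen:                         # include loop or duplicate Include
        return entries
    seen.add(path)
    text = read_file(path)
    if text is None:                         # missing file: nothing to count
        return entries
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing "# lfd: ..." notes
        if not line:
            continue
        m = INCLUDE_RE.match(line)
        if m:
            entries |= parse_deny_file(m.group(1), read_file, seen)
            continue
        try:
            entries.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            pass                             # port/protocol style entry; ignored
    return entries

def deny_report(path, read_file, limit=200):
    """Entry count, estimated iptables rules (4 each), DENY_IP_LIMIT check (0 = unlimited)."""
    n = len(parse_deny_file(path, read_file))
    return {"entries": n, "estimated_rules": n * RULES_PER_ENTRY,
            "over_limit": limit > 0 and n > limit}

# Constructed sample files (RFC 5737 documentation addresses, not real bans).
SAMPLE_FILES = {
    "/etc/csf/csf.deny":
        "192.0.2.10 # lfd: (sshd) Failed SSH login from 192.0.2.10\n"
        "198.51.100.0/24 # manually added\n"
        "Include /etc/csf/blacklistip.txt\n",
    "/etc/csf/blacklistip.txt":
        "203.0.113.5\n203.0.113.5 # duplicate, counted once\n"
        "192.0.2.10 # already in csf.deny, counted once\n"
        "Include /etc/csf/csf.deny # include loop, skipped\n",
}
read_sample = SAMPLE_FILES.get  # stand-in for reading the files from disk
```

On a real host, pass a reader such as `lambda p: open(p).read() if os.path.isfile(p) else None` and your configured DENY_IP_LIMIT; the sample above yields 3 distinct entries (about 12 iptables rules) because duplicates and the include loop are collapsed.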