LF Temp to Permanent Ban

bsntech
Junior Member
Posts: 12
Joined: 29 Mar 2014, 13:36

Post by bsntech »

Used the web-based configuration manager to set the config for CSF.

I see that there is a setting to take an IP / IP range from a temporary block to a permanent block.

I've enabled this functionality as such:

LF_PERMBLOCK = 1
LF_PERMBLOCK_INTERVAL = 86400
LF_PERMBLOCK_COUNT = 4
LF_PERMBLOCK_ALERT = 1

However, I am unsure where these settings are used. In general, what I am looking at doing is setting the config so that if there are invalid logins via FTP, SMTP, IMAP, or POP3, they will be blocked initially for five minutes (300 seconds). But if the offender tries back four times within 24 hours, then they are blocked for 24 hours. I believe the settings noted above are correct for this.

But I have some confusion with the login failure section - because I only see the options to either permanently block - or provide a time. Example in my config:

LF_TRIGGER = 0 (this is because I want to set a different trigger for each item)
LF_TRIGGER_PERM = 0
LF_FTPD = 3 (block anyone that tries three invalid logins to FTP)
LF_FTPD_PERM = 1 (this is the setting I'm unsure of)

Hopefully my question is clear enough. I just want to make sure that the configuration is set so that initially, any attacker will be blocked for just five minutes (300 seconds) and then upon the fourth attack, they would then be blocked for 24 hours.

Thank you!
bsntech
Junior Member
Posts: 12
Joined: 29 Mar 2014, 13:36

Re: LF Temp to Permanent Ban

Post by bsntech »

Was able to answer this on my own after fixing the issue on how to block 401 errors in Apache.

Needless to say, you will set the specific "PERM" setting (such as LF_FTPD_PERM) to the temporary block amount - such as 300 seconds (5 minutes). Then the Temp-to-Perm settings will watch and once they are over the LF_PERMBLOCK_COUNT that you have set, it will permanently block that IP to the LF_PERMBLOCK_INTERVAL.
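An added example (not part of the thread and not CSF's own code): a small Python model of the behaviour described in the reply above, reading a constructed csf.conf fragment, interpreting an LF_*_PERM value as permanent (1) or a temporary block in seconds (greater than 1), and working out when repeated temporary blocks would escalate. The function names and the sample timeline are hypothetical, and the counting rule is a modelling assumption taken from the reply's wording.

```python
import re

# Constructed csf.conf fragment using the values discussed in this thread.
SAMPLE_CONF = '''
LF_FTPD = "3"
LF_FTPD_PERM = "300"
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
'''

def parse_conf(text):
    """Return {KEY: int} for numeric KEY = "value" lines; other lines are skipped."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z0-9_]+)\s*=\s*"?(\d+)"?\s*(?:#.*)?$', line)
        if m:
            conf[m.group(1)] = int(m.group(2))
    return conf

def block_kind(perm_value):
    """Interpret an LF_*_PERM value: 1 = permanent, >1 = temporary for N seconds."""
    if perm_value == 1:
        return ("permanent", None)
    if perm_value > 1:
        return ("temporary", perm_value)
    raise ValueError("unexpected PERM value: %r" % perm_value)

def escalation_time(conf, temp_block_times):
    """Return the timestamp at which an IP would go permanent, or None.

    Modelling assumption: escalate once the number of temporary blocks
    inside the trailing LF_PERMBLOCK_INTERVAL window is over
    LF_PERMBLOCK_COUNT, as the reply above describes.
    """
    if conf.get("LF_PERMBLOCK") != 1:
        return None
    window, limit = conf["LF_PERMBLOCK_INTERVAL"], conf["LF_PERMBLOCK_COUNT"]
    recent = []
    for t in sorted(temp_block_times):
        # Keep only blocks still inside the window, then count this one.
        recent = [r for r in recent if t - r < window] + [t]
        if len(recent) > limit:
            return t
    return None

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print(block_kind(conf["LF_FTPD_PERM"]))
    # Constructed timeline: five temporary blocks, one per hour.
    print(escalation_time(conf, [0, 3600, 7200, 10800, 14400]))
```

Running the model against the timestamps of real temporary blocks shows whether a chosen interval and count would ever escalate a slow, repeated offender.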