silver_2000 wrote:No conflicts but it appears that CSF or Cpanel has written the changes back out of the IP tables list - meaning - the blocks go away..
I'm also curious as to combining these with CSF. Is making changes to iptables with csf going to undo the additions done with either of these tools (or vica versa)? Is it possible to get too many lines in iptables? Any advice out there?
I kind of found my own answers with a little refresher reading of the comments in csf.conf. I gather it is possible to get too many lines in the iptables and cause problems with your server, depending on the resources available to you.
As to combining other blocks with CSF, such as http://fixingtheweb.com/country/blocking.html or the okean list, I'm currently experimenting with including one of those as the global csf deny. I think that's working.
I've only skimmed, but can't you use the scripts at fixingtheweb.com to generate a text file that you could then refer to as your global deny list?