Hi,
I started to use IPSET with CSF. It is a really nice addition; I hope that in the future Chirpy creates a GUI to add or delete IPs on the IPSET.
POST EDITED DUE TO NEW ADVANCES!!
I have to admit, with new toys to play with there will always be a chance to forget something, lol.
CSF + IPSET works great!!!
After configuring everything on the server I restarted CSF completely, and CSF created a few IPSET databases, one for each of the rules that were set in LFD BLOCKLIST. So it created bl_MAXMIND, bl_TOR, bl_SPAMCOP, etc., and I added my own called BLACKIPS with over 20K IPs in there. I have my own script that blocks IPs that have triggered my own mod_security rules, and with a cron I move those IPs from CSF.DENY to my BLACKIPS.
The load on the server before IPSET was about 2.0 on average; now, with IPSET running about 20K blocked IPs, the load has been 0.42 on average.
In one word, IPSET is a really nice addition to CSF, thanks Jonathan!!
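The post above describes a cron job that moves blocked IPs from csf.deny into a custom BLACKIPS set. The conversion step could look like the following added example, which is not the poster's script: it assumes each entry has the form "ADDRESS # comment", and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): turn plain IPv4 entries of a
# csf.deny-style file into `ipset restore` input for the BLACKIPS set.
# Assumed line format: "ADDRESS # comment". Advanced filters, CIDR ranges,
# IPv6 and malformed entries are skipped by the IPv4 check.
SET_NAME="BLACKIPS"

# is_ipv4 ADDR: succeeds only for a dotted quad with each octet 0-255
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# deny_to_restore FILE: print restore commands, one per address, de-duplicated
deny_to_restore() {
    echo "create $SET_NAME hash:ip family inet"
    sed -e 's/#.*//' "$1" | awk 'NF { print $1 }' | sort -u |
    while read -r addr; do
        if is_ipv4 "$addr"; then
            echo "add $SET_NAME $addr"
        fi
    done
}

# Constructed sample input using documentation address ranges
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed csf.deny-style sample
192.0.2.10 # constructed: blocked after a mod_security trigger
198.51.100.7 # constructed: manual block
192.0.2.10 # duplicate, emitted once
tcp|in|d=22|s=203.0.113.5 # advanced filter, skipped
999.1.1.1 # invalid octet, skipped
EOF
deny_to_restore "$sample"
rm -f "$sample"
# On a host: deny_to_restore /etc/csf/csf.deny | ipset -exist restore
```

Loading the output with `ipset -exist restore` makes repeated cron runs idempotent, because an identical set creation or an already-present entry is ignored instead of aborting the load.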
New IPSET function feedback.
Re: New IPSET function feedback.
After I disabled FASTSTART it has been fixed.
------------------
Hello,
If I try to use IPSET I get the following message when I restart CSF.
Do you have any idea about this?
open3: exec of /usr/sbin/ipset flush failed at /usr/sbin/csf line 4191.
Re: New IPSET function feedback.
I have the same problem running CentOS 6.6 with CloudLinux:
open3: exec of /usr/sbin/ipset flush failed at /usr/sbin/csf line 4563
Firewall will not start if lf_ipset enabled
Re: New IPSET function feedback.
I have the same problem running CentOS 6.7 with CloudLinux:
open3: exec of /usr/sbin/ipset flush failed at /usr/sbin/csf line 4563
Firewall will not start if lf_ipset enabled even with FASTSTART disabled
Re: New IPSET function feedback.
Hi Sergio
<smacks forehead>
That's correct - this is a new server, and I forgot to install ipset!
Re: New IPSET function feedback.
Glad to help.
Re: New IPSET function feedback.
also <smacks forehead>
I used yum install ipset and that seemed to do the trick, which is lucky since I don't have a clue!
thanks Sergio
Re: New IPSET function feedback.
Yes, that is the first step to start using iptables.
Good to know it worked for you.