CSF & Ipset Integration Question

Post Reply
bigd2000
Junior Member
Posts: 6
Joined: 08 Oct 2021, 18:49

CSF & Ipset Integration Question

Post by bigd2000 »

How are the IP's/ranges loaded into Ipset? Are they simply added to the csf.deny and csf processes them into Ipset or other method? Is there a way to easily bulk add deny IP's?

I have an existing ipset how do I add that to the deny?

All I've seen essentially is make sure it's installed and change the conf to 1.


Thanks!
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: CSF & Ipset Integration Question

Post by Sergio »

"How are the IP's/ranges loaded into Ipset?"
It is automatically, you just add the IPs into CSF.DENY

The easy method to add and deny IPs is to create your own IP BLACK LIST in your server, then add the list in CSF option:
LFD BLOCKLIST
bigd2000
Junior Member
Posts: 6
Joined: 08 Oct 2021, 18:49

Re: CSF & Ipset Integration Question

Post by bigd2000 »

Great, thanks! Does CSF need to be restarted after changes to the blacklist or the addition of one in the blacklist option?
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: CSF & Ipset Integration Question

Post by Sergio »

bigd2000 wrote: 22 Oct 2021, 21:09 Great, thanks! Does CSF need to be restarted after changes to the blacklist or the addition of one in the blacklist option?
Yes, you have to use LFD Restart option in CSF.

If you create your own black list, you have to specify when CSF is going to read the list, in the readme header of LFD BLACKLIST you can see how it needs to be configured.

In my case, I have a black list of IPs that I block among my servers and in each server I specify a different hour for CSF to get that list.
bigd2000
Junior Member
Posts: 6
Joined: 08 Oct 2021, 18:49

Re: CSF & Ipset Integration Question

Post by bigd2000 »

Thanks! Can you add a local list such as /path/to/the/blacklist.txt or must it be via an URL?
Sergio
Junior Member
Posts: 1712
Joined: 12 Dec 2006, 14:56

Re: CSF & Ipset Integration Question

Post by Sergio »

It should be an URL, the best way is to look at examples that are already in there.

Also, if you are saving the list in one of your domains, my advice is to add in your .htaccess an allow/deny entry for that file.
So, only the IP that you allow will have access to that file.
bigd2000
Junior Member
Posts: 6
Joined: 08 Oct 2021, 18:49

Re: CSF & Ipset Integration Question

Post by bigd2000 »

Right, thanks!
Post Reply