Page 2 of 2
Re: csf.deny ip address deny limit
Posted: 27 Feb 2014, 04:44
by ovan
Thank you
Re: csf.deny ip address deny limit
Posted: 09 Apr 2014, 16:17
by n2rga
Sorry for butting in but a question the Include /path_to_ip_file/blacklistip.txt
is there a limit of IPs I can have in that file or do I have to keep it under 1,000 each
Include?
thanks
Mitch
Re: csf.deny ip address deny limit
Posted: 10 Apr 2014, 10:42
by ovan
puppet wrote:ovan wrote:puppet wrote:I've put over 10K IPs in several text files and included in the csf.deny file on several cpanel servers more than 2 weeks without issue so far. Those servers have 5GB memory and 4 vcpus. I am afraid to add more IPs to the iptables.
How to put more than 1K IPs in csf.deny
because i saw in the csf from cpanel plugin is only 1K, and if any other IPs got blocked, will remove the ldest IPs blocked
You don't need to put all the IPs to one file. You can put those IPs to a seperate file then add an include to csf.deny like follows:
Include /path_to_ip_file/blacklistip.txt
Thanks for your reply,
how to put an include to csf.deny, i mean where should i put the
include syntax.?
is there any impact to the overall system.? such as a decrease in performance or higher CPU/Memory load
Re: csf.deny ip address deny limit
Posted: 14 Apr 2014, 15:23
by ovan
finally.... i/ve made change in DENY_IP_LIMIT which Recommended range: 10-1000 (Default: 200), i set it to 2000
case closed
Re: csf.deny ip address deny limit
Posted: 27 Apr 2019, 10:38
by ditto
I am sort of having almost the same problem. It must be a bug:
I have this:
Edit csf.allow, the IP address allow file (Currently: 70 permanent IP allows)
Edit csf.deny, the IP address deny file (Currently: 1010 permanent IP bans)
And my DENY_IP_LIMIT is 800 and my DENY_TEMP_IP_LIMIT is 200
What happens is when I have more then 1000 IPs in total I am not able to make changes in the GUI in "Firewall Deny IPs", when I click "Save" nothing is saved and CSF/LFD is not restarted.
So the bug only seem to happen when making manual changes in the GUI to the IPs in "Firewall Deny IPs", it just does not work if you have more then 1000 IPs.
Does anyone know a work around on this problem?
Re: csf.deny ip address deny limit
Posted: 07 May 2019, 16:46
by mopa5000
ovan wrote: ↑14 Apr 2014, 15:23
finally.... i/ve made change in DENY_IP_LIMIT which Recommended range: 10-1000 (Default: 200), i set it to 2000
case closed
Ovan, wherein do you notice that perm block default is 1000. Perm Block Default is 200 and temporary is a hundred in CSF.