readme CSF file examples missing.

Sergio
Junior Member
Posts: 1693
Joined: 12 Dec 2006, 14:56

readme CSF file examples missing.

Post by Sergio »

Hi Jonathan,
Just to let you know that the examples on how to set CONNLIMIT are missing from the readme.txt file:
The protection can only be applied to the TCP protocol.

Syntax for the CONNLIMIT setting:

PORTFLOOD is a comma separated list of:
port;limit

So, a setting of PORTFLOOD = "22;5,80;20" means:
Sergio
Frego
Junior Member
Posts: 8
Joined: 08 Jan 2010, 08:00

Re: readme CSF file examples missing.

Post by Frego »

I did this. No warnings from doing it.

CONNLIMIT = 80;20,110;5,143;5,443;5,465;5,587;5,993;5,995;5

PORTFLOOD = 80;tcp;20;5,110;tcp;20;5,143;tcp;20;5,443;tcp;20;5,465;tcp;20;5,587;tcp;20;5,993;tcp;20;5,995;tcp;20;5

CONNLIMIT_LOGGING = 1
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: readme CSF file examples missing.

Post by chirpy »

I'll fix the cut&paste mistake in the next release. It should of course read:
The protection can only be applied to the TCP protocol.

Syntax for the CONNLIMIT setting:

CONNLIMIT is a comma separated list of:
port;limit

So, a setting of CONNLIMIT = "22;5,80;20" means:
Sergio
Junior Member
Posts: 1693
Joined: 12 Dec 2006, 14:56

Re: readme CSF file examples missing.

Post by Sergio »

Thank you Jonathan.
tvcnet
Junior Member
Posts: 38
Joined: 30 Sep 2009, 00:01

Re: readme CSF file examples missing.

Post by tvcnet »

Hi,
So are there general recommendations for these two settings?

CONNLIMIT =
PORTFLOOD =

We have not used them in the past, though we are considering applying them on servers where we've seen more aggressive connections recently.

Safe settings that generally work well in a shared server environment recommended by CSF staff?

Thanks,
Jim
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: readme CSF file examples missing.

Post by chirpy »

The settings values depend entirely on your user demographic and the type of attack you want to block. You will simply have to experiment with settings until you reduce the number of false-positives to an acceptable level. We would recommend using CONNLIMIT over PORTFLOOD where possible.
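
Added example (not part of any post above and not code from CSF): a small Python check that parses CONNLIMIT and PORTFLOOD values before they are pasted into csf.conf, and shows why the readme's "22;5,80;20" sample only fits CONNLIMIT. The field names, the four-field PORTFLOOD layout (read off Frego's post) and the accepted protocol list are assumptions.

```python
# Field layouts per setting. CONNLIMIT is "port;limit" as stated in the thread;
# the PORTFLOOD field names are assumed from the shape of Frego's value.
LAYOUTS = {
    "CONNLIMIT": ("port", "limit"),
    "PORTFLOOD": ("port", "protocol", "count", "interval"),
}

def parse_setting(name, value):
    """Return (entries, errors) for one comma separated csf list value."""
    fields = LAYOUTS[name]
    entries, errors, seen = [], [], set()
    for raw in value.strip().strip('"').split(","):
        parts = [p.strip() for p in raw.split(";")]
        if len(parts) != len(fields):
            errors.append(f"{raw}: expected {';'.join(fields)}")
            continue
        entry = dict(zip(fields, parts))
        problems = []
        for key, text in entry.items():
            if key == "protocol":
                entry[key] = text.lower()
                # tcp is what the thread uses; udp is accepted as an assumption
                if entry[key] not in ("tcp", "udp"):
                    problems.append(f"unknown protocol {text}")
            elif not text.isdecimal() or int(text) < 1:
                problems.append(f"{key} must be a positive integer")
            else:
                entry[key] = int(text)
        if isinstance(entry["port"], int) and entry["port"] > 65535:
            problems.append("port out of range")
        ident = (entry["port"], entry.get("protocol", "tcp"))
        if ident in seen:
            problems.append("duplicate port entry")
        seen.add(ident)
        if problems:
            errors.append(f"{raw}: {'; '.join(problems)}")
        else:
            entries.append(entry)
    return entries, errors

if __name__ == "__main__":
    readme_sample = '"22;5,80;20"'                 # value quoted in the readme text
    frego_portflood = "80;tcp;20;5,110;tcp;20;5"   # first two entries of Frego's value
    for name, value in (("CONNLIMIT", readme_sample),
                        ("PORTFLOOD", readme_sample),
                        ("PORTFLOOD", frego_portflood)):
        print(name, value, parse_setting(name, value))
```
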