csf.blocklists how many IPs is too many?
Posted: 23 Nov 2015, 20:22
by postcd
Hello,
In file csf.blocklists, one can enable various external IP blacklists to be included in CSF.
I want to ask how many IPs is too many to block?
I have around 3GB RAM free and one spare CPU core; I'm not sure how to work out how many IPs I can afford to block.
The openbl.org list has around 2300 IPs.
Here someone took the time to move some deny IPs into an external blacklist file; I'm not sure what the difference is between an external blacklist and the internal deny list in terms of speed and possible size of the list.
Re: csf.blocklists how many IPs is too many?
Posted: 25 Nov 2015, 12:34
by marcele
When using block lists I highly recommend that you enable ipset if your operating system supports it.
Note:
1. Ipset 6+ is required. Legacy operating systems like RHEL 5 or CentOS 5 do not support Ipset 6+.
2. Ipset will not function on Virtuozzo/OpenVZ.
About ipset
http://www.linuxjournal.com/content/adv ... ions-ipset
Installation
CentOS / Red Hat
Debian / Ubuntu
Edit the file /etc/csf/csf.conf and change the config item LF_IPSET to 1.
Restart the firewall (as root):
With ipsets enabled you can enable any or all of the blocklists provided by CSF and you really don't need to worry about iptables rules limits. It's really that good.
Re: csf.blocklists how many IPs is too many?
Posted: 25 Nov 2015, 18:04
by postcd
Thanks a lot for the reminder about ipset; I once researched it and found I can't use it as I'm using OpenVZ:
> 2. Ipset will not function on Virtuozzo/OpenVZ.
Re: csf.blocklists how many IPs is too many?
Posted: 25 Nov 2015, 20:07
by marcele
You are going to be severely limited by what you can do in Virtuozzo. Newer VPS systems like KVM still support ipset.
I would check if your provider is limiting the amount of iptables rules in your VPS. You can check what your "numiptent" parameter is by issuing the following command:
That will tell you your VPS limits. Then you can set CSF settings accordingly.
Re: csf.blocklists how many IPs is too many?
Posted: 25 Nov 2015, 22:30
by postcd
Thanks for the nice advice regarding numiptent. I have this value set very high and I can also tweak it as I have access to the host server. It surprised me that OpenVZ says: "It is not recommended to allow containers to create more than 200–300 numiptent."
So I'm still unsure how to measure/discover a safe number of IPs I can block (I already have 600 "no delete" IPs in the deny IP list and thousands I wish to block in external blacklists).
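One way to put numbers on the question in the last three posts, as an added example that is not from the thread and not part of CSF: it parses the numiptent row out of an OpenVZ beancounters dump (the counters marcele refers to live in /proc/user_beancounters; a constructed sample is embedded below), counts the distinct entries in a blocklist feed, and compares the iptables rules CSF would need against the container's remaining headroom, with and without ipset. The rules_per_entry factor and the assumption that an ipset-backed feed costs a single referencing rule are assumptions made for the example, not CSF's documented behaviour; the 2300-entry feed mirrors the openbl.org count mentioned above and is generated test data.

```python
"""Added example (not from the thread, not CSF code): size a blocklist against
an OpenVZ container's iptables entry limit (numiptent), with and without ipset."""
import ipaddress

# Constructed sample of /proc/user_beancounters (OpenVZ layout: a uid row, then
# one row per resource: name held maxheld barrier limit failcnt). Real dumps
# list many more resources; only the rows needed here are included.
SAMPLE_BEANCOUNTERS = """\
Version: 2.5
       uid  resource           held   maxheld   barrier     limit   failcnt
      101:  kmemsize        4096000   5000000  14372700  14790164         0
            numiptent           640       700       800       800         3
"""

# Constructed blocklist feed in the one-entry-per-line form csf.blocklists
# consumes: plain IPs or CIDR ranges, '#' comments, and some junk to skip.
SAMPLE_BLOCKLIST = """\
# constructed feed, not a real blocklist
192.0.2.10
192.0.2.11
198.51.100.0/24   # a whole /24 is still a single entry
203.0.113.5
not-an-ip
192.0.2.10        # duplicate, must not be counted twice
"""

FIELDS = ("held", "maxheld", "barrier", "limit", "failcnt")


def parse_numiptent(text):
    """Return the numiptent counters as a dict, or None if the row is absent."""
    for line in text.splitlines():
        fields = line.split()
        if "numiptent" in fields:
            i = fields.index("numiptent")
            values = fields[i + 1:i + 6]
            if len(values) == len(FIELDS):
                return dict(zip(FIELDS, map(int, values)))
    return None


def count_blocklist_entries(text):
    """Return (distinct entries, total addresses covered) for a feed."""
    entries = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            entries.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue   # unparsable line: skip it rather than abort the load
    return len(entries), sum(net.num_addresses for net in entries)


def make_feed(n):
    """Constructed feed of n distinct hosts from 10.0.0.0/16 (test data only)."""
    hosts = ipaddress.ip_network("10.0.0.0/16").hosts()
    return "\n".join(str(next(hosts)) for _ in range(n))


def assess(beancounters, blocklist, ipset=False, rules_per_entry=1):
    """Compare the rules a feed would add against the container's headroom.

    Assumptions (not CSF documentation): without ipset every entry becomes
    rules_per_entry iptables rules; with ipset the feed costs one rule that
    references the set, and the entries live in set memory, not numiptent.
    'held' already includes whatever rules (e.g. csf.deny) are loaded now.
    """
    counters = parse_numiptent(beancounters)
    if counters is None:
        raise ValueError("no numiptent row: not an OpenVZ beancounters dump?")
    entries, _ = count_blocklist_entries(blocklist)
    needed = 1 if ipset else entries * rules_per_entry
    headroom = counters["limit"] - counters["held"]
    return {
        "entries": entries,
        "rules_needed": needed,
        "headroom": headroom,
        "fits": needed <= headroom,
        # a non-zero failcnt means the kernel has already refused rules
        "limit_already_hit": counters["failcnt"] > 0,
    }


if __name__ == "__main__":
    for use_ipset in (False, True):
        r = assess(SAMPLE_BEANCOUNTERS, make_feed(2300), ipset=use_ipset)
        print("ipset" if use_ipset else "per-IP rules", r)
```

On a real container, feed the contents of /proc/user_beancounters and the downloaded blocklist files to assess(); a non-zero failcnt is the check worth looking at first, because it means the limit has already been reached and rules were silently refused, which is exactly the failure mode a too-large deny list produces without ipset.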