CSF (ConfigServer Firewall) on a Linux system and you block a lot of IP addresses. Servers running iptables with CSF firewall can become slow and bogged down while processing the sometimes hundreds of IP addresses in CSF's iptables chains. Thankfully, it is possible to quickly and easily alleviate this slowdown by installing and configuring a took called ipset.
This option allows you to use ipset v6+ for the following csf options:
CC_* and /etc/csf/csf.blocklist, /etc/csf/csf.allow, /etc/csf/csf.deny,
GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER
ipset will only be used with the above options when listing IPs and CIDRs. Advanced Allow Filters and temporary blocks use traditional iptables. To use this option you must have a fully functioning installation of ipset installed either via rpm or source from http://ipset.netfilter.org/
It’s a straight forward process. CentOS, Red Hat and Fedora (yum based) users :
https://clients.macigroup.com/knowledgebase/328/Installing-IPSet-on-CentOS.html
https://portal.cloudunboxed.net/knowledgebase/22/Improve-CSF-iptables-performance-with-ipset.html
https://linoxide.com/linux-how-to/block-ips-countries-geoip-addons/
https://linoxide.com/linux-how-to/block-ips-country-ipset/
https://help.hostry.com/knowledge-base/how-to-use-ipset-on-centos-7/
https://www.cyberciti.biz/faq/centos-rhel-install-ipset-administration-tool-for-ip-sets-and-iptables/
This option allows you to use ipset v6+ for the following csf options:
CC_* and /etc/csf/csf.blocklist, /etc/csf/csf.allow, /etc/csf/csf.deny,
GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER
ipset will only be used with the above options when listing IPs and CIDRs. Advanced Allow Filters and temporary blocks use traditional iptables. To use this option you must have a fully functioning installation of ipset installed either via rpm or source from http://ipset.netfilter.org/
It’s a straight forward process. CentOS, Red Hat and Fedora (yum based) users :
# yum install ipset -y# sudo apt-get install ipset -y# vi /etc/csf/csf.conf
LF_IPSET = "1"
:x ( save & close )# csf -rhttps://clients.macigroup.com/knowledgebase/328/Installing-IPSet-on-CentOS.html
https://portal.cloudunboxed.net/knowledgebase/22/Improve-CSF-iptables-performance-with-ipset.html
https://linoxide.com/linux-how-to/block-ips-countries-geoip-addons/
https://linoxide.com/linux-how-to/block-ips-country-ipset/
https://help.hostry.com/knowledge-base/how-to-use-ipset-on-centos-7/
https://www.cyberciti.biz/faq/centos-rhel-install-ipset-administration-tool-for-ip-sets-and-iptables/
Comments
Post a Comment
You are always welcome to comment here, but your remarks should be relevant to the conversation. To keep the exchanges focused and engaging, we reserve the right to remove off-topic comments, or self-promoting URLs and vacuous messages.
We will try to reply to your queries as soon as time allows.
Regards,
Admin