In the CSF firewall, old IP addresses are automatically removed from the /etc/csf/csf.deny file when the ‘DENY_IP_LIMIT’ is reached. An example is given below:
[email protected] [~]# csf -d ip.add.re.ss
csf: DENY_IP_LIMIT (200), the following IP’s were removed from /etc/csf/csf.deny
In the above example you can see that DENY_IP_LIMIT is 200, so the oldest IP in csf.deny was removed when you tried to add a new IP to the deny list.
Setting the deny limit to a very high value will slow down the network and website. Make sure there are sufficient resources on the server before you increase this value.
To set a new limit, edit the CSF configuration using the nano editor:
nano /etc/csf/csf.conf
Change the lines below:
DENY_IP_LIMIT = "200" to DENY_IP_LIMIT = "500"
DENY_TEMP_IP_LIMIT = "100" to DENY_TEMP_IP_LIMIT = "500"
Save the configuration file.
Restart CSF.
[email protected][~]# csf -r
That’s all.
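A check that goes with the limit change above, as an added example and not part of the original post: it reads DENY_IP_LIMIT from csf.conf and counts the entries in csf.deny to show how much room is left before old entries start being removed. The function names are hypothetical, and treating every non-blank, non-comment line of csf.deny as one entry is an assumption about the file layout.

```shell
#!/usr/bin/env bash
# Added example: report how close csf.deny is to DENY_IP_LIMIT.
# Paths default to the files named in the article; pass others for testing.

# Print the numeric value of an uncommented KEY = "value" line
# from a csf.conf-style file (last assignment wins).
csf_conf_value() {
    local key="$1" conf="${2:-/etc/csf/csf.conf}"
    # Anchored at line start, so "#KEY = ..." and DENY_TEMP_IP_LIMIT
    # do not match a lookup for DENY_IP_LIMIT.
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\([0-9][0-9]*\)\".*/\1/p" \
        "$conf" | tail -n 1
}

# Count deny entries: lines that are neither blank nor comments.
# Assumption: one entry per such line.
csf_deny_count() {
    local deny="${1:-/etc/csf/csf.deny}"
    # grep -c exits 1 when the count is 0; the count is still printed.
    grep -Ecv '^[[:space:]]*(#|$)' "$deny" || true
}

# Print "count limit remaining".
# Returns 0 while there is room, 1 once the limit is reached
# (the next "csf -d" will remove an old entry), 2 if the limit is not set.
csf_deny_headroom() {
    local conf="${1:-/etc/csf/csf.conf}" deny="${2:-/etc/csf/csf.deny}"
    local limit count
    limit=$(csf_conf_value DENY_IP_LIMIT "$conf")
    if [ -z "$limit" ]; then
        echo "DENY_IP_LIMIT not found in $conf" >&2
        return 2
    fi
    count=$(csf_deny_count "$deny")
    echo "$count $limit $((limit - count))"
    [ "$count" -lt "$limit" ]
}
```

Run `csf_deny_headroom` with no arguments on the CSF host before and after raising the limit; a non-zero return means the permanent deny list is full and entries you still need may be rotated out.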