HOW TO INCREASE DENY IP LIMIT IN CSF FIREWALL


In CSF firewall, the oldest IP addresses are automatically removed from the /etc/csf/csf.deny file when the ‘DENY_IP_LIMIT’ is reached. An example is given below:

root@srv [~]# csf -d ip.add.re.ss

csf: DENY_IP_LIMIT (200), the following IP’s were removed from /etc/csf/csf.deny

In the above example, DENY_IP_LIMIT is 200, so the oldest IP in csf.deny was removed when a new IP was added to the deny list.

Setting the deny limit to a very high value will slow down the network and the website. Make sure there are sufficient resources on the server before you increase this value.

To set a new limit, edit the CSF configuration using the nano editor:

nano /etc/csf/csf.conf

Change the lines below:

DENY_IP_LIMIT = "200" to DENY_IP_LIMIT = "500"
DENY_TEMP_IP_LIMIT = "100" to DENY_TEMP_IP_LIMIT = "500"

Save the configuration file.

Restart CSF.

root@srv[~]# csf -r
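
The same change can be scripted so that the current deny-list size is compared with the limit first and the edit is applied with a backup. This is an added example, not part of the original post or of CSF itself: the function names are hypothetical, it assumes one csf.deny entry per non-blank, non-comment line, and the demo at the end runs on constructed sample files rather than on /etc/csf.

```shell
# Added example, not from the original post; function names are hypothetical.
# Paths default to the files the post names; pass copies to rehearse safely.

# Read KEY = "value" from a csf.conf-style file.
csf_get() {  # csf_get KEY [conf]
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" \
        "${2:-/etc/csf/csf.conf}" | tail -n 1
}

# Count entries in csf.deny, assuming one entry per non-blank, non-comment line.
csf_deny_count() {  # csf_deny_count [deny]
    grep -Evc '^[[:space:]]*(#|$)' "${1:-/etc/csf/csf.deny}" || true
}

# Set KEY to a numeric VALUE, keeping the previous file as conf.bak.
csf_set() {  # csf_set KEY VALUE [conf]
    local key="$1" val="$2" conf="${3:-/etc/csf/csf.conf}"
    case $val in ''|*[!0-9]*) echo "not a number: $val" >&2; return 1 ;; esac
    grep -Eq "^[[:space:]]*$key[[:space:]]*=" "$conf" ||
        { echo "$key not found in $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    # The value is written with straight double quotes, as csf.conf uses.
    sed "s/^\([[:space:]]*$key[[:space:]]*=[[:space:]]*\)\"[^\"]*\"/\1\"$val\"/" \
        "$conf.bak" > "$conf"
}

# Demo on constructed sample files (not real server data).
csf_demo() {
    local d; d=$(mktemp -d) || return 1
    printf '%s\n' '# sample' 'DENY_IP_LIMIT = "200"' \
        'DENY_TEMP_IP_LIMIT = "100"' > "$d/csf.conf"
    printf '%s\n' '# header' '192.0.2.10 # constructed entry' '' \
        '198.51.100.7 # constructed entry' > "$d/csf.deny"
    echo "before: $(csf_deny_count "$d/csf.deny") of $(csf_get DENY_IP_LIMIT "$d/csf.conf") entries"
    csf_set DENY_IP_LIMIT 500 "$d/csf.conf" &&
    csf_set DENY_TEMP_IP_LIMIT 500 "$d/csf.conf" &&
    echo "after: limit $(csf_get DENY_IP_LIMIT "$d/csf.conf"), temp limit $(csf_get DENY_TEMP_IP_LIMIT "$d/csf.conf")"
    rm -rf "$d"
}
csf_demo
```

On a real server, call the functions without the path argument as root, then restart CSF with csf -r as shown above.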

That’s all.
