I don't use Centminmod, but i always checked this board as a guest to take many ideas and different approach to my webserver, so why not register? At the moment im using Centos 7 with Nginx 1.9.11 compiled with LibreSSL, php-fpm 7.0.3 and MariaDB 10.1.11. Regarding the firewall i use iptables and fail2ban. My prefer with Fail2ban is because i have a Invision Board and sometimes i was getting layer 7 attacks(leading to 100% cpu). With it i was able to create a regex where i defined that if someone makes 50 requests in 5 seconds it will be banned using iptables. Fail2ban also let me make ignore regex where i exclude the css and images folders, this is something i think CSF can't do, and that why i choose fail2ban.