Discover Centmin Mod today
Register Now

CSF What should be the right value for "LF_IPSET" on csf config?

Discussion in 'Centmin Mod Insights' started by rdan, Dec 27, 2014.

  1. rdan

    rdan Well-Known Member

    5,426
    1,389
    113
    May 25, 2014
    Ratings:
    +2,172
    Local Time:
    4:35 AM
    Mainline
    10.2
    For a pure Dedicated Server/Ovh.


    I have some VPS and Dedicated server also but with different value.
    Should be 1 or 0?
     
  2. eva2000

    eva2000 Administrator Staff Member

    50,919
    11,804
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,262
    Local Time:
    6:35 AM
    Nginx 1.25.x
    MariaDB 10.x
    these 3 github commits for Centmin Mod 1.2.3-eva2000.08 beta01 are related to enabling the new CSF LF_IPSET options
    LF_IPSET should only be enabled if you have ipset YUM package installed + are on non-OpenVZ based systems see line 30-48 in inc/csftweaks.inc and line 28-37 in inc/cpcheck.inc (which runs everytime centmin.sh is invoked for checks and takes care of existing Centmin Mod users automatically to determine if LF_IPSET should be automatically enabled (1) or disabled (0))

    in inc/csftweaks.inc line 30-48
    Code:
        if [ ! -f /proc/user_beancounters ]; then
            if [ ! -f /usr/sbin/ipset ]; then
                # CSF now has ipset support to offload large IP address numbers
                # from iptables so uses less server resources to handle many IPs
                # does not work with OpenVZ VPS so only implement for non-OpenVZ
                yum -q -y install ipset ipset-devel
                sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
                sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
                sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            else
                sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
                sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
                sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            fi
        else
            sed -i 's/LF_IPSET = \"1\"/LF_IPSET = \"0\"/' /etc/csf/csf.conf
            sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
            sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
        fi
     
    Last edited: Dec 27, 2014
  3. rdan

    rdan Well-Known Member

    5,426
    1,389
    113
    May 25, 2014
    Ratings:
    +2,172
    Local Time:
    4:35 AM
    Mainline
    10.2
    Thanks a lot!