CSF What should be the right value for "LF_IPSET" on csf config?

Discussion in 'Centmin Mod Insights' started by rdan, Dec 27, 2014.

  1. rdan

    rdan Premium Member

    For a pure Dedicated Server/OVH.

    I also have some VPS and dedicated servers, but with different values.
    Should it be 1 or 0?
     
  2. eva2000

    eva2000 Administrator Staff Member

    These 3 GitHub commits for Centmin Mod 1.2.3-eva2000.08 beta01 are related to enabling the new CSF LF_IPSET options.
    LF_IPSET should only be enabled if you have the ipset YUM package installed and are on a non-OpenVZ based system. See lines 30-48 in inc/csftweaks.inc and lines 28-37 in inc/cpcheck.inc (which runs every time centmin.sh is invoked for checks and takes care of existing Centmin Mod users automatically, determining whether LF_IPSET should be automatically enabled (1) or disabled (0)).

    In inc/csftweaks.inc, lines 30-48:
    Code:
        if [ ! -f /proc/user_beancounters ]; then
            if [ ! -f /usr/sbin/ipset ]; then
                # CSF now has ipset support to offload large IP address numbers
                # from iptables so uses less server resources to handle many IPs
                # does not work with OpenVZ VPS so only implement for non-OpenVZ
                yum -q -y install ipset ipset-devel
                sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
                sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
                sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            else
                sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
                sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
                sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            fi
        else
            sed -i 's/LF_IPSET = \"1\"/LF_IPSET = \"0\"/' /etc/csf/csf.conf
            sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
            sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
        fi
     
    Last edited: Dec 27, 2014
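The rule in the answer above (LF_IPSET is 1 only when ipset is installed and the system is not OpenVZ) can be checked against an existing csf.conf. This is an added example, not Centmin Mod's own code; the function names and the CSF_CONF, BEANCOUNTERS and IPSET_BIN override variables are assumptions, introduced so the check can also run against a test tree.

```shell
#!/bin/sh
# Added example: audit LF_IPSET in csf.conf against the rule from the thread.
# The three variables below are hypothetical overrides; the defaults are the
# paths used in the quoted inc/csftweaks.inc snippet.
: "${CSF_CONF:=/etc/csf/csf.conf}"
: "${BEANCOUNTERS:=/proc/user_beancounters}"
: "${IPSET_BIN:=/usr/sbin/ipset}"

# Print the value of a 'KEY = "value"' line from csf.conf (empty if absent).
csf_get() {
    sed -n "s/^${1}[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$CSF_CONF" | head -n 1
}

# Print 1 if ipset is usable (not OpenVZ and ipset binary present), else 0.
# Uses -x rather than the snippet's -f so a non-executable file does not count.
expected_lf_ipset() {
    if [ -f "$BEANCOUNTERS" ]; then
        echo 0      # OpenVZ container: ipset does not work here
    elif [ -x "$IPSET_BIN" ]; then
        echo 1
    else
        echo 0      # ipset package not installed
    fi
}

# Compare configured and expected values.
# Returns 0 on match, 1 on mismatch, 2 if csf.conf cannot be read.
audit_lf_ipset() {
    [ -r "$CSF_CONF" ] || { echo "cannot read $CSF_CONF"; return 2; }
    want=$(expected_lf_ipset)
    have=$(csf_get LF_IPSET)
    if [ "$have" = "$want" ]; then
        echo "OK: LF_IPSET=$have DENY_IP_LIMIT=$(csf_get DENY_IP_LIMIT)"
        return 0
    fi
    echo "MISMATCH: LF_IPSET=${have:-unset}, expected $want"
    return 1
}
```

Source the file and call `audit_lf_ipset`; a non-zero exit status means the configured value does not match what the host supports.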
  3. rdan

    rdan Premium Member

    Thanks a lot!
     