/ Register

Get the most out of your Centmin Mod LEMP stack
Become a Member

CSF What should be the right value for "LF_IPSET" on csf config?

Discussion in 'Centmin Mod Insights' started by rdan, Dec 27, 2014.

Tags:
Previous Thread Next Thread
Loading...
  1. Dec 27, 2014 #1
    rdan

    rdan Well-Known Member

    5,426
    1,389
    113
    May 25, 2014
    Ratings:
    +2,172
    Local Time:
    4:32 AM
    Mainline
    10.2
    For a pure Dedicated Server/Ovh.

    I have some VPS and Dedicated server also but with different value.
    Should be 1 or 0?
     
  2. Dec 27, 2014 #2
    eva2000

    eva2000 Administrator Staff Member

    50,852
    11,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,234
    Local Time:
    6:32 AM
    Nginx 1.25.x
    MariaDB 10.x
    these 3 github commits for Centmin Mod 1.2.3-eva2000.08 beta01 are related to enabling the new CSF LF_IPSET options
    LF_IPSET should only be enabled if you have ipset YUM package installed + are on non-OpenVZ based systems see line 30-48 in inc/csftweaks.inc and line 28-37 in inc/cpcheck.inc (which runs everytime centmin.sh is invoked for checks and takes care of existing Centmin Mod users automatically to determine if LF_IPSET should be automatically enabled (1) or disabled (0))

    in inc/csftweaks.inc line 30-48
    Code:
        if [ ! -f /proc/user_beancounters ]; then
        if [ ! -f /usr/sbin/ipset ]; then
            # CSF now has ipset support to offload large IP address numbers
            # from iptables so uses less server resources to handle many IPs
            # does not work with OpenVZ VPS so only implement for non-OpenVZ
            yum -q -y install ipset ipset-devel
            sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
            sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
        else
            sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
            sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
        fi
    else
        sed -i 's/LF_IPSET = \"1\"/LF_IPSET = \"0\"/' /etc/csf/csf.conf
        sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
        sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
    fi
     
    Last edited: Dec 27, 2014
  3. Dec 27, 2014 #3
    rdan

    rdan Well-Known Member

    5,426
    1,389
    113
    May 25, 2014
    Ratings:
    +2,172
    Local Time:
    4:32 AM
    Mainline
    10.2
    Thanks a lot!
     
Previous Thread Next Thread
Loading...

.