Want more timely Centmin Mod News Updates?
Become a Member

CSF What should be the right value for "LF_IPSET" on csf config?

Discussion in 'Centmin Mod Insights' started by RoldanLT, Dec 27, 2014.

  1. RoldanLT

    RoldanLT Well-Known Member

    3,901
    949
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,298
    Local Time:
    2:39 AM
    1.11
    10.2
    For a pure Dedicated Server/Ovh.

    I have some VPS and Dedicated server also but with different value.
    Should be 1 or 0?
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,156
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:39 AM
    Nginx 1.13.x
    MariaDB 5.5
    these 3 github commits for Centmin Mod 1.2.3-eva2000.08 beta01 are related to enabling the new CSF LF_IPSET options
    LF_IPSET should only be enabled if you have ipset YUM package installed + are on non-OpenVZ based systems see line 30-48 in inc/csftweaks.inc and line 28-37 in inc/cpcheck.inc (which runs everytime centmin.sh is invoked for checks and takes care of existing Centmin Mod users automatically to determine if LF_IPSET should be automatically enabled (1) or disabled (0))

    in inc/csftweaks.inc line 30-48
    Code:
        if [ ! -f /proc/user_beancounters ]; then
            if [ ! -f /usr/sbin/ipset ]; then
                # CSF now has ipset support to offload large IP address numbers
                # from iptables so uses less server resources to handle many IPs
                # does not work with OpenVZ VPS so only implement for non-OpenVZ
                yum -q -y install ipset ipset-devel
                sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
                sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
                sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            else
                sed -i 's/LF_IPSET = \"0\"/LF_IPSET = \"1\"/' /etc/csf/csf.conf
                sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
                sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"3000\"/' /etc/csf/csf.conf
            fi
        else
            sed -i 's/LF_IPSET = \"1\"/LF_IPSET = \"0\"/' /etc/csf/csf.conf
            sed -i 's/DENY_IP_LIMIT = \"100\"/DENY_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
            sed -i 's/DENY_TEMP_IP_LIMIT = \"100\"/DENY_TEMP_IP_LIMIT = \"200\"/' /etc/csf/csf.conf
        fi
     
    Last edited: Dec 27, 2014
    • Like Like x 1
  3. RoldanLT

    RoldanLT Well-Known Member

    3,901
    949
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,298
    Local Time:
    2:39 AM
    1.11
    10.2
    Thanks a lot!