Iptables with CSF: the limitation of usage

I have a virtual private server running CentOS 6 with 1 GB RAM and a 50 GB HDD, with cPanel installed.
I have now installed the CSF firewall and I want to know a few things:
1. How many IPs or IP CIDRs can be blocked in CSF with this server configuration?
2. Is there any disadvantage if we upload more IPs or IP CIDRs in CSF?
3. Does the CSF "block by country code" feature really work? Say I put CN in the blocked countries, can really no IP from China access my server?
4. Is there any way to remove all rules from CSF? (I want to put everything in on my own, with no predefined rules.)
Prakash Gupta asked:

Sanga Collins, Systems Admin, commented:
Hi Prakash Gupta

1. In CSF firewall you can set DENY_IP_LIMIT in /etc/csf/csf.conf. The recommended value is from 100 to 1000, but if you have the horsepower you can go much higher. For each IP blocked I think it is 4 iptables rules created.
2. The advantage is more IPs being blocked; the disadvantage is a performance hit at the high levels.
3. Block by country code will really block all IP addresses registered from any country. Of course hackers can simply route traffic through other countries to get to you, but threats like botnets should be handled easily.
4. You can start with a blank config by backing up and creating a new one: nano /etc/csf/csf.conf. The rules can then be applied by using csf -r
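
Relating to point 1 of the answer above, an added example (not part of the original thread and not CSF's own code): a shell check that compares the number of active entries in csf.deny with DENY_IP_LIMIT. Once the limit is reached CSF rotates the oldest entries out, so a full list quietly drops earlier blocks; the function names and the 90% warning threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare active csf.deny entries with DENY_IP_LIMIT.
# Function names and the 90% warning threshold are assumptions of this example.

# Print the DENY_IP_LIMIT value from a csf.conf-style file (KEY = "value").
csf_deny_limit() {
    sed -n 's/^[[:space:]]*DENY_IP_LIMIT[[:space:]]*=[[:space:]]*"\{0,1\}\([0-9][0-9]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1
}

# Count active entries: skip blank lines, comment lines and Include lines.
csf_deny_count() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         tolower($1) == "include" { next }
         { n++ }
         END { print n + 0 }' "$1"
}

# Count entries whose comment contains "do not delete"; CSF leaves these
# in place when it rotates old entries out at the limit.
csf_deny_pinned() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         tolower($0) ~ /#.*do not delete/ { n++ }
         END { print n + 0 }' "$1"
}

# Report usage: returns 0 below the threshold, 1 near or at the limit, 2 on error.
csf_deny_report() {
    conf=${1:-/etc/csf/csf.conf}
    deny=${2:-/etc/csf/csf.deny}
    if [ ! -r "$conf" ] || [ ! -r "$deny" ]; then
        echo "cannot read $conf or $deny" >&2
        return 2
    fi
    limit=$(csf_deny_limit "$conf")
    if [ -z "$limit" ]; then
        echo "DENY_IP_LIMIT not found in $conf" >&2
        return 2
    fi
    count=$(csf_deny_count "$deny")
    pinned=$(csf_deny_pinned "$deny")
    echo "entries=$count pinned=$pinned limit=$limit"
    if [ "$count" -ge $(( limit * 9 / 10 )) ]; then
        echo "WARNING: csf.deny is at or near DENY_IP_LIMIT; oldest entries get rotated out"
        return 1
    fi
    return 0
}

# Usage on a CSF host: csf_deny_report   (or pass conf and deny paths explicitly)
```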

Question has a verified solution.
