[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 385
  • Last Modified:

Iptables with csf the limitation of usage

I have a server with centos 6 and with 1 gb ram 50 gb hdd Virtual private server with cpanel installed
now i installed csf firewall now i want to know few things
1- how many ip or ip cdr can be blocked in csf with the following server configuration
2-is their any disadvantage of if we upload more ip or ip cdr in csf
3-is csf "block by country code" feature really work  say if i say CN in block country can really no ip of china can access my server
4-is their any way to remove all rules from csf (i want to put everything by my own) no predefine rule
Prakash Gupta
Prakash Gupta
1 Solution
Sanga CollinsSystems AdminCommented:
Hi Prakash Gupta

1. In CSF firewall you can set DENY_IP_LIMIT is /etc/csf/csf.conf the recommended value is from 100 to 1000, but if you have the horsepower you can go much higher. For each IP blocked I think it is 4 iptables rules created.
2. THe advatage is more IPs being blocked the disadvantage is a performance hit and the high levels.
3. Block by country code will really block all IP addresses registered from any country. Of course hackers can simply route traffic through other countries to get to you, but threats like bot nets should be handled easily.
4. You can start with a blank config by backing up and creating a new nano /etc/csf/csf.conf the rules can then be applied by using csf -r

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now