IPSET and CSF Print

  • 1

some time you face iptable issue but not this is only for dedicated server and kvm and it is not working OPENVZ
If you use ConfigServer Firewall on a CPanel/WHM system and you block a lot of IP addresses, performance can degrade on your server.

It’s a simple two-step process:

1. In WHM, go to Software -> Install an RPM, wait for it to load the package list and then scroll down to find ipset. Highlight ipset and then click on the Install button.

2. Go into CSF, click on Firewall Configuration, page down to General Settings, find the LF_IPSET item and set it to 1. Click the Change button at the bottom of the page and then click the Restart CSF+LFD button.

To get started, we want to install ipset. CentOS, Red Hat and Fedora (yum) users do this by:

sudo yum install ipset -y

Or for an apt based Linux distro like Ubuntu or Debian, run:

sudo apt-get install ipset -y

Once ipset and its necessary supporting packages are installed, we need to tell CSF that ipset is available and ready to be used. We want to edit CSF's main config file:

nano /etc/csf/csf.conf

Then, we want to search for the lf_ipset line to make our changes:

CTRL+W to search in nano
Type lf_ipset and hit return

Alter the lf_ipset line to look like this:

LF_IPSET = "1"

Now we want to save our changes and exit nano:

CTRL+X then type Y and hit return

And finally, we need to reload CSF and LFD to apply our changes:

csf -r

That’s it. If you have a large IP deny list or you’re doing country bans you should find things move a little quicker on your sever now.

Note: IPSET is not yet supported in Virtuzzo containers. According to this bug report it should be available from OpenVZ 3.10+ kernels.

Was this answer helpful?

« Back

Powered by WHMCompleteSolution