DENY_IP_LIMIT, number of blocked IPs in config server firewall, is it in RAM?

Hello, I have CSF (Config Server Firewall) on a VPS, and I want to ask if it is safe to raise DENY_IP_LIMIT to, let's say, 2000 entries?

If "it" is stored in RAM, I assume any lag would be quite negligible?

Someone said that CSF used around 13GB of RAM when 8000 IPs were blocked:
http://forum.configserver.com/viewtopic.php?t=5653

My "lfd" process is using 74116 VIRT memory

CSF settings:

DENY_IP_LIMIT = 400

DENY_TEMP_IP_LIMIT = 200

But this is the value visible from the CSF control panel:

csf.deny, the IP address deny file (Currently: 509 permanent IP bans)

Thank you

Comments

  • hausarzt Member
    edited September 2015

    If CSF creates an additional iptables entry for each address, that's asking for trouble once you add more than a few hundred entries. Have a look at ipset, which does the same with a much smaller footprint and super fast lookups thanks to hash maps and using a single iptables entry. Check out this tool: https://github.com/trick77/ipset-blacklist
    I'm using like 45k entries in ipset. Unfortunately, I don't think ipset works in OpenVZ.

    Thanked by 1postcd
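The approach described in the comment above, as an added example that is not part of the thread and is not code from CSF or ipset-blacklist: it turns deny-list lines into input for `ipset restore`, so the whole list is matched by one iptables rule. The set name, the `maxelem` value and the simplified deny-file layout (one IPv4 address or CIDR per line, optional `#` comment, anything else skipped) are assumptions, and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). SET_NAME and MAXELEM are assumed values.
SET_NAME="csf_deny_example"
MAXELEM=65536

# Constructed sample in a simplified csf.deny layout: one IPv4 address or
# CIDR per line, optional "# comment". Addresses are documentation ranges.
sample_deny() {
    cat <<'EOF'
# constructed sample, not real ban data
192.0.2.10 # constructed comment
198.51.100.0/24 # constructed comment
192.0.2.10 # duplicate of the first entry
tcp|in|d=22|s=203.0.113.5
2001:db8::1
203.0.113.999
198.51.100.7/0
EOF
}

# stdin: deny-file lines; stdout: input for `ipset restore`.
deny_to_ipset_restore() {
    printf 'create %s hash:net family inet maxelem %s\n' "$SET_NAME" "$MAXELEM"
    awk -v set="$SET_NAME" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comment and whitespace
        $0 == "" { next }
        {
            n = split($0, p, "/")
            if (n > 2) next
            # hash:net cannot store a /0 prefix, so accept /1../32 only
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) next
            if (split(p[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            if (!seen[$0]++) print "add " set " " $0   # skip duplicates
        }'
}

# Print the restore file for the sample. On a real host (root required):
#   deny_to_ipset_restore < /path/to/csf.deny | ipset -exist restore
#   iptables -I INPUT -m set --match-set csf_deny_example src -j DROP
sample_deny | deny_to_ipset_restore
```

Lines that are not a plain IPv4 address or CIDR (port-specific filters, IPv6, malformed octets) are dropped rather than guessed at, so they would need separate handling.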