how i can turn off or disable lfd on csf ?

[xlinux]

hi all member

i have some problem. i want to turn off or disable lfd on csf

how i can do it

thanks

 

[SeLLeRoNe]

disable: csf -x
enable: csf -e

Regards

 

[Richard G]

I think he only wants to disable lfd, not both.

However, why should you want to do that xlinux?

 

[xlinux]

disable: csf -x
enable: csf -e

Regards

i used command /etc/init.d/lfd stop it.

 

[zEitEr]

It will start again on server start/reboot (you should disable it from autostart), and of course on csf update/upgrade.

 

[Richard G]

Still.... why should one want to disable LFD? There are so many options to enable or disable if something is disturbing.
I would never disable a part of that firewall.

 

[xlinux]

Still.... why should one want to disable LFD? There are so many options to enable or disable if something is disturbing.
I would never disable a part of that firewall.

i want stop LFD service, beacuse when website have many connect form ip address, lfd will block this ip address. this is resolution

 

[Richard G]

You probably have Syn_flood active. You could just punt synflood = 0 and leave portflood empty and start lfd again.
Normally however, this should not be a problem so I hope people are not doing SlowLoris attacks at your system.

 

[xlinux]

You probably have Syn_flood active. You could just punt synflood = 0 and leave portflood empty and start lfd again.
Normally however, this should not be a problem so I hope people are not doing SlowLoris attacks at your system.

what have occur when you should that turn off Syn_flood ?

 

[Richard G]

Probably your users won't get blocked anymore when having lfd running.

 

[Tommyhara]

It will start again on server start/reboot (you should disable it from autostart), and of course on csf update/upgrade.

Hi Alex, after installed CSF I found that my site is running a bit more slow and disabled it then it back normally

Does CSF affect to loading speed of a website?

 

[zEitEr]

Hello,

It might affect in certain cases. Take care of DENY_IP_LIMIT and SYNFLOOD

You can find this warning:

# Limit the number of IP's kept in the /etc/csf/csf.deny file
#
# Care should be taken when increasing this value on servers with low memory
# resources or hard limits (such as Virtuozzo/OpenVZ) as too many rules (in the
# thousands) can sometimes cause network slowdown

in CSF config.

If you use country based blocks or your DENY_IP_LIMIT is high then you might see the issue.

# SECTIONort Flood Settings
###############################################################################
# Enable SYN Flood Protection. This option configures iptables to offer some
# protection from tcp SYN packet DOS attempts. You should set the RATE so that
# false-positives are kept to a minimum otherwise visitors may see connection
# issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables
# man page for the correct --limit rate syntax
#
# Note: This option should ONLY be enabled if you know you are under a SYN
# flood attack as it will slow down all new connections from any IP address to
# the server if triggered

Make sure SYN Flood Protection is disabled.