Richard G
Verified User
I'm just wondering. We want to increase the option to have more ip's blocked.
But except for enabling ipset, what are decent settings to use for DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT for example?
Because I know if you go higher than 1000 in DENY_TEMP_IP_LIMIT then when restaring CSF it gives a warning that recommended is between 100 and 1000.
Does the TEMP limit also make use of IPSET?
Also I've seen that LF_IPSET_MAXELEM = "65536" which some site advised to increase to 16777216, seems a bit much to me, what value do you use?
It it still possible to use the normal csf commands like csf -d or csf -rd etc. to add and remove ip's?
Any other good advise on using ipset?
But except for enabling ipset, what are decent settings to use for DENY_IP_LIMIT and DENY_TEMP_IP_LIMIT for example?
Because I know if you go higher than 1000 in DENY_TEMP_IP_LIMIT then when restaring CSF it gives a warning that recommended is between 100 and 1000.
Does the TEMP limit also make use of IPSET?
Also I've seen that LF_IPSET_MAXELEM = "65536" which some site advised to increase to 16777216, seems a bit much to me, what value do you use?
It it still possible to use the normal csf commands like csf -d or csf -rd etc. to add and remove ip's?
Any other good advise on using ipset?