Improve CSF performance with ipset
On servers where the CSF firewall runs slowly with iptables, or may stop when a large number of IP addresses are configured in the iptables rules, the problem can be solved quickly by installing ipset.
Ipset is a framework that is part of the Linux kernel. It allows you to store combinations of IP addresses, networks, TCP/UDP ports, and MAC addresses. The data stored in an IP set is quickly accessible and can be searched and updated without reloading iptables.
To configure it, first install the ipset package. On yum-based distributions such as CentOS, Red Hat, and Fedora, issue the following command:
sudo yum install ipset -y
If you are using an apt-based Linux distribution such as Ubuntu or Debian, issue the following command:
sudo apt-get install ipset -y
After installing ipset and related dependencies, ipset must be enabled in the CSF configuration file, which can be done by modifying the main configuration file:
nano /etc/csf/csf.conf
After opening the file, locate the lf_ipset line and make the change. To search, press CTRL+W, type lf_ipset, and then press Enter.
Change the value of lf_ipset from 0 to 1. After the change, the line in the configuration file will look like this:
LF_IPSET = "1"
Then save the changes and exit the nano editor by pressing CTRL+X, then the Y key, and finally Enter.
As a last step, restart the CSF and LFD services to apply the changes:
csf -r
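The same edit made without an interactive editor, as an added example (not part of the original article or of CSF's own tooling): it backs up the file, changes only the LF_IPSET line, and confirms the result before the firewall is restarted. The function names, the CSF_CONF variable and the --apply argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: scripted equivalent of the manual nano edit above.
# CSF_CONF defaults to the path used on this page; override it to work on a copy.
CSF_CONF="${CSF_CONF:-/etc/csf/csf.conf}"

# Print the current LF_IPSET value (prints nothing if the setting is absent).
# The pattern requires "=" right after the name, so other settings whose
# names merely begin with LF_IPSET are never matched.
get_lf_ipset() {
    sed -n 's/^[[:space:]]*LF_IPSET[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Set LF_IPSET to "1" in the given file, keeping a backup as <file>.bak.
# Returns 0 on success or if already enabled, 1 if the file or setting is missing.
enable_lf_ipset() {
    conf="$1"
    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }
    current=$(get_lf_ipset "$conf")
    [ "$current" = "1" ] && return 0            # idempotent: nothing to change
    if ! grep -q '^[[:space:]]*LF_IPSET[[:space:]]*=' "$conf"; then
        echo "LF_IPSET not found in $conf" >&2
        return 1
    fi
    cp -p "$conf" "$conf.bak" || return 1       # backup before editing
    # Rewrite from the backup into the original file so its mode and owner are kept.
    sed 's/^\([[:space:]]*LF_IPSET[[:space:]]*=[[:space:]]*\)"[^"]*"/\1"1"/' \
        "$conf.bak" > "$conf"
    [ "$(get_lf_ipset "$conf")" = "1" ]         # confirm the edit took effect
}

# Run as root with --apply to edit the real file, restart CSF as in the
# article, and list the names of the ipset sets that now exist.
if [ "${1:-}" = "--apply" ]; then
    enable_lf_ipset "$CSF_CONF" && csf -r && ipset list -n
fi
```

If `ipset list -n` prints no set names after the restart, the firewall is still running on plain iptables rules and the change did not take effect.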