Improve CSF performance with ipset
On servers where a large number of IP addresses are configured in iptables rules, the CSF firewall may run slowly or even stop. This problem can be solved quickly by installing ipset.
Ipset is a framework that is part of the Linux kernel. It allows you to store combinations of IP addresses, networks, TCP/UDP ports, and MAC addresses. The data stored in an IP set is quickly accessible and can be searched and updated without reloading iptables.
To configure it, first install the ipset package. On yum-based distributions such as CentOS, Red Hat, and Fedora, issue the following command:
sudo yum install ipset -y
If you are using an apt-based Linux distribution such as Ubuntu or Debian, issue the following command:
sudo apt-get install ipset -y
After installing ipset and related dependencies, ipset must be enabled in the CSF configuration file, which can be done by modifying the main configuration file:
After opening the file, locate the lf_ipset line and make the change. To search, press CTRL+W, type lf_ipset, and then press Enter. Change the value to 1. After the change, the configuration file will look like this:
LF_IPSET = "1"
Then save the changes and exit the nano editor by pressing CTRL+X, then the Y key, and finally Enter.
As a last step, restart the CSF and LFD services to apply the changes.
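The nano edit described above can also be done non-interactively, which helps when the same change has to be applied to several servers. The script below is an added example, not part of the original article or of CSF; the function names get_lf_ipset and enable_lf_ipset are hypothetical, and the configuration file path is passed as an argument because the article does not state it.

```bash
#!/usr/bin/env bash
# Added example: scripted equivalent of the manual LF_IPSET edit.
# Function names are hypothetical; the caller supplies the config path.

# Print the value of the active LF_IPSET line in a CSF-style config file.
# The pattern requires "=" right after the key, so other keys that merely
# start with LF_IPSET are not matched.
get_lf_ipset() {
    sed -n 's/^[[:space:]]*LF_IPSET[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"
}

# Set LF_IPSET = "1" in the given file, keeping a backup copy.
# Return codes: 0 = enabled (or already enabled), 1 = file problem,
# 2 = key missing or defined more than once, 3 = verification failed.
enable_lf_ipset() {
    local conf count
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Refuse to edit unless there is exactly one uncommented LF_IPSET line.
    count=$(grep -c '^[[:space:]]*LF_IPSET[[:space:]]*=' "$conf" || true)
    if [ "$count" -ne 1 ]; then
        echo "expected 1 LF_IPSET line, found $count" >&2
        return 2
    fi

    # Idempotent: leave the file untouched if ipset is already enabled.
    if [ "$(get_lf_ipset "$conf")" = "1" ]; then
        return 0
    fi

    # Keep the original so the change can be rolled back.
    cp -p "$conf" "$conf.bak" || return 1
    sed -i 's/^\([[:space:]]*LF_IPSET[[:space:]]*=[[:space:]]*\)"[^"]*"/\1"1"/' "$conf"

    # Verify the edit before the caller restarts anything.
    [ "$(get_lf_ipset "$conf")" = "1" ] || return 3
}
```

Call enable_lf_ipset with the path of the CSF main configuration file, then restart the CSF and LFD services as described above.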