🔔 🔔 🔔 Duyuru: 24. Yılımıza özel indirimler sizleri bekliyor ! Kampanya Kodu : TDATA2024 | Detaylı bilgi için tıklayınız.

Some useful tweak settings on CSF Configuration File

Some useful tweak settings on CSF Configuration File

IP Limit in Permanent “Deny” File
A higher number here will obviously screen out more IP addresses in csf.deny.

IP Limit in Temporary “Deny” File
Similar to DENY_IP_LIMIT, the DENY_TEMP_IP_LIMIT represents the maximum number of IPs that can be stored in the temporary ban list.

SMTP Blocking
When set to “1″, SMTP_BLOCK does not completely block outbound SMTP, but it does block it for most users. This will prevent malicious scripts and compromised users from making outbound connections from unauthorized mail clients on the server. SMTP_BLOCK doesn’t stop those scripts from running, but it does stop them from functioning. Mail sent through the proper channels will still be delivered normally.

Allowing SMTP on localhost
Custom Mail Port Designation

SMTP_PORTS = “25,465,587”
Allowing SMTP Access to Users/Groups

SMTP_ALLOWGROUP = “mail,mailman”

SYN Flood Protection

Per the documentation, you should only enable SYN flood protection (SYNFLOOD= “1″) if you are currently under a SYN flood attack.

Concurrent Connections Limit
CONNLIMIT = “22;5,80;20″
PORTFLOOD = “22;tcp;5;300,80;tcp;20;5

These options allow you to add customized DoS protection. CONNLIMIT handles the number of concurrent connections, and in this example, we’re limiting port 22 to 5 connections and port 80 to 20 connections.

Dropping v. Rejecting Packets

This configuration allows you to either DROP or REJECT packets. REJECT tells the sender that the packet has been blocked by the firewall. DROP just drops the packet and does not send a response. I like DROP better for regular use, but REJECT might be more helpful if you need to diagnose a connectivity issue.

Logging Dropped Connections

This option logs dropped connections to syslog. I don’t see any reason to turn this off unless your hard drive is getting full.


This option enables the SPAMHAUS blocklist. Specify the number of seconds between refreshes. Recommended setting is 86400 (1 day).

Blocking TOR Exit IP Addresses
LF_TOR = “0”

Enabling this option will block TOR exit IP addresses. If you are not familiar with TOR, it is a completely anonymous proxy network. This could block some legitimate users who are trying to protect their anonymity, so I would recommend only turning this on if you are already under attack from a TOR exit address.

Blocking Bogon Addresses
LF_BOGON = “0”
LF_BOGON_URL = “http://www.cymru.com/Documents/bogon-bn-agg.txt”

Blocking bogon addresses (addresses that should not be possible) is usually a good decision. To enable, set the number of seconds between refreshes. I recommend enabling this option and setting the refresh at 86400 (1 day). If you do so, be sure to add your private network adapters to the skip list.

Country-Specific Access to Your Server
CC_DENY = “”

With these options, you can block or allow entire countries from accessing your server. To do so, enter the country codes in a comma separated list.

Alternatively, you can set your server to exclusively accept traffic from a list of country codes. All other countries not listed will have their traffic dropped.

Blocking Login Failures

This enables blocking of login failures (per service). There are a lot of great customization options in this section.

Scanning Directories for Malicious Files

This feature scans /tmp and /dev/shm for potentially malicious files and alerts you to their presence based on the interval you designate. You can also have CSF automatically quarantine malicious files with this option:

Distributed Attack Protection

By enabling this option, you activate additional protection against distributed attacks.

Blocking Based on Abusive Email Usage
LT_POP3D = “0”
LT_IMAPD = “0”

If a user checks email too many times per hour (more than the non-zero value specified), the user’s IP address is blocked.

Blocking IP Addresses Based on Number of Connections
CT_LIMIT = “0”

This feature tracks connections and blocks the IP if the number of connections is too high. Use caution because if you enable this option and set this value too low, it will block legitimate traffic.

Application-Level Protection
PT_LIMIT = “60”

This feature provides application level protection against malicious scripts that take a long time to execute.

Blocking Port Scanners
PS_LIMIT = “10”

Bu cevap yeterince yardımcı oldu mu?

Diğer Dökümanlar

  • WARNING: RESTRICT_SYSLOG is disabled. See SECURITY WARNING in Firewall Configuration

    Today I got the above error while entering to “ConfigServer Security & Firewall” in WHM. Solution: 1. Login to WHM 2.Home » Plugins » ConfigServer Security &...

  • How to allow certain IP for services in CSF

    Add the following line in your /etc/csf/csf.allow tcp|in|d=3306|s=|out|d=3306|d= Restart csf with : csf -r This will allow incoming/outgoing connections...

  • Linux Malware Detect ( LMD )

    Linux Malware Detect ( LMD ) Easy way to install LMD via root shell. # vim maldetect.sh #/bin/bashmkdir tmpcd tmpwget http://www.rfxn.com/downloads/maldetect-current.tar.gztar...

  • Install ChkRootKit

    Install ChkRootKit Follow these steps to install ChkRootKit cd /usr/local/src/ – Down load the chkrootkit.# wget http://www.spenneberg.org/chkrootkit-mirror/files/chkrootkit.tar.gz#...

  • CSF Installation

    CSF Installation To install csf simply do the following from the root shell via SSH: wget http://www.configserver.com/free/csf.tgztar -xzf csf.tgzcd csfsh install.shcd ..rm -Rfv...