How to limit connections per ip with csf

el5olfaa.com

Hello,

I will explain to you today how to block any IP address that exceeds our connection limit; this is useful to prevent a small DDoS attack from affecting your server's performance.

Assume you already have csf installed and running:

1) Connect to your server shell and run the following command:
Code:
nano /etc/csf/csf.conf

2) Search for "CT_LIMIT" and set its value to 150, or whatever you see fit for your environment, but keep in mind that if you set it too low for your workload you will see too many false positives.

3) Save the file and close it, then run the following command to restart csf and apply the new configuration:
Code:
csf -r

That's all

Good luck
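The procedure above, as an added example that is not part of the original post and not csf's own code: it measures the current per-IP connection counts (so CT_LIMIT is chosen from real numbers rather than guessed), then changes the key in a csf.conf-style file idempotently and reads it back. The config path, the sample `ss` lines and the limit values are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or from csf: measure current per-IP
# connection counts before choosing CT_LIMIT, then change the key in csf.conf
# idempotently and read it back. Paths and values below are assumptions.
set -eu

# Set KEY = "VALUE" in a csf.conf-style file (csf uses lines like: KEY = "value").
# Only non-negative integers are accepted, since CT_LIMIT and friends are numeric.
csf_set_key() {
    local conf="$1" key="$2" value="$3"
    case "$value" in
        ''|*[!0-9]*) echo "csf_set_key: $key must be a non-negative integer, got '$value'" >&2; return 1 ;;
    esac
    if grep -qE "^${key}[[:space:]]*=" "$conf"; then
        # Replace the quoted value in place, keeping the rest of the line intact.
        sed -i -E "s|^(${key}[[:space:]]*=[[:space:]]*)\"[^\"]*\"|\1\"${value}\"|" "$conf"
    else
        printf '%s = "%s"\n' "$key" "$value" >> "$conf"
    fi
}

# Print the current value of KEY (without quotes), or nothing if it is unset.
# Commented-out lines (# KEY = ...) are ignored because the match is anchored at ^.
csf_get_key() {
    sed -nE "s|^$2[[:space:]]*=[[:space:]]*\"([^\"]*)\".*|\1|p" "$1" | head -n1
}

# Count connections per remote IP from `ss -Htn` output on stdin
# (columns: State Recv-Q Send-Q Local:Port Peer:Port). Output: "count ip", busiest first.
# IPv6 peers appear as [addr]:port, so the port is stripped first and then the brackets.
conn_per_ip() {
    awk '{ peer = $5; sub(/:[0-9]+$/, "", peer); gsub(/\[|\]/, "", peer); c[peer]++ }
         END { for (ip in c) print c[ip], ip }' | sort -rn
}

# Largest per-IP count in the stream, for comparison with a candidate CT_LIMIT.
max_conn_per_ip() {
    conn_per_ip | head -n1 | awk '{ print $1 + 0 }'
}

# Typical use on a live server (needs root; /etc/csf/csf.conf is csf's default path):
#   ss -Htn | conn_per_ip | head            # busiest peers right now
#   csf_set_key /etc/csf/csf.conf CT_LIMIT 150
#   csf_get_key /etc/csf/csf.conf CT_LIMIT  # -> 150
#   csf -ra                                 # restart csf and lfd; lfd is what enforces CT_LIMIT
```

Run `ss -Htn | conn_per_ip | head` a few times during normal traffic first: the limit should sit clearly above the busiest legitimate peer (a NAT gateway or a monitoring host, say) or you get the false positives the post warns about. Note that connection tracking is done by the lfd daemon, so after editing the file restart lfd as well (`csf -ra` restarts both csf and lfd).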
 
Realistically, if a single (non-customer) IP has 150 connections, there is an issue.
You would be better off with a lower number.

If you are trying to stop a DDoS, there are a number of better options available in CSF.

Like:-

CONNLIMIT, which configures how many connections per port can be made, which offers better granularity than CT_LIMIT.

even better for DoS/DDoS is:-

PORTFLOOD, which configures how many connections per second per port to accept and how long to back off for if that limit is breached.

Don't forget SYNFLOOD and UDPFLOOD either; whilst ideally these should be left switched off if you are not under attack, you can switch them on to defend against these attacks automatically.
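The CONNLIMIT, PORTFLOOD, SYNFLOOD and UDPFLOOD settings mentioned in the reply, as an added example that is not part of the thread and not csf's own code: a validator for the value formats these keys use in csf.conf (`port;limit` lists for CONNLIMIT, `port;proto;hits;seconds` lists for PORTFLOOD, and `N/s`-style rate strings for SYNFLOOD_RATE and UDPFLOOD_LIMIT), run over a config file before restarting csf, since a malformed entry makes the restart fail rather than quietly ignoring the rule. The sample values and the check's output wording are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread or from csf itself: sanity-check the
# DoS-related csf.conf settings before restarting csf. Value formats follow the
# comments in csf.conf:
#   CONNLIMIT      = "port;limit,port;limit"          e.g. "22;5,80;20"
#   PORTFLOOD      = "port;proto;hits;seconds,..."    e.g. "22;tcp;5;300,80;tcp;20;5"
#   SYNFLOOD_RATE / UDPFLOOD_LIMIT = "N/s"            iptables limit syntax (/s /m /h /d)
set -eu

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }
is_port() { is_uint "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

# Read KEY from a csf.conf-style file (lines look like: KEY = "value").
conf_value() { sed -nE "s|^$2[[:space:]]*=[[:space:]]*\"([^\"]*)\".*|\1|p" "$1" | head -n1; }

# CONNLIMIT: every comma-separated entry must be port;limit with limit > 0.
# An empty string disables the feature and is valid.
validate_connlimit() {
    local spec="$1" entry port limit IFS=','
    [ -n "$spec" ] || return 0
    for entry in $spec; do
        case "$entry" in *\;*\;*|*[!0-9\;]*) return 1 ;; *\;*) ;; *) return 1 ;; esac
        port=${entry%%;*}; limit=${entry#*;}
        is_port "$port" && is_uint "$limit" && [ "$limit" -gt 0 ] || return 1
    done
}

# PORTFLOOD: every entry must be port;proto;hits;seconds with proto tcp or udp.
validate_portflood() {
    local spec="$1" entry port proto hits secs rest IFS=','
    [ -n "$spec" ] || return 0
    for entry in $spec; do
        case "$entry" in *\;*\;*\;*\;*) return 1 ;; *\;*\;*\;*) ;; *) return 1 ;; esac
        port=${entry%%;*};  rest=${entry#*;}
        proto=${rest%%;*};  rest=${rest#*;}
        hits=${rest%%;*};   secs=${rest#*;}
        is_port "$port" || return 1
        case "$proto" in tcp|udp) ;; *) return 1 ;; esac
        is_uint "$hits" && [ "$hits" -gt 0 ] && is_uint "$secs" && [ "$secs" -gt 0 ] || return 1
    done
}

# SYNFLOOD_RATE / UDPFLOOD_LIMIT: "N/unit" with N > 0 and unit one of s m h d.
validate_rate() {
    local n=${1%%/*} unit=${1#*/}
    case "$1" in */*) ;; *) return 1 ;; esac
    is_uint "$n" && [ "$n" -gt 0 ] || return 1
    case "$unit" in s|m|h|d) ;; *) return 1 ;; esac
}

# Check one csf.conf file. Prints a line per problem; the return value is the
# number of problems found (0 means everything validated). The flood rates are
# only checked when the corresponding feature is switched on ("1"), matching
# the advice to leave SYNFLOOD/UDPFLOOD off until you are actually under attack.
check_dos_settings() {
    local conf="$1" bad=0 v
    v=$(conf_value "$conf" CONNLIMIT); validate_connlimit "$v" || { echo "CONNLIMIT invalid: \"$v\""; bad=$((bad+1)); }
    v=$(conf_value "$conf" PORTFLOOD); validate_portflood "$v" || { echo "PORTFLOOD invalid: \"$v\""; bad=$((bad+1)); }
    if [ "$(conf_value "$conf" SYNFLOOD)" = "1" ]; then
        v=$(conf_value "$conf" SYNFLOOD_RATE); validate_rate "$v" || { echo "SYNFLOOD_RATE invalid: \"$v\""; bad=$((bad+1)); }
    fi
    if [ "$(conf_value "$conf" UDPFLOOD)" = "1" ]; then
        v=$(conf_value "$conf" UDPFLOOD_LIMIT); validate_rate "$v" || { echo "UDPFLOOD_LIMIT invalid: \"$v\""; bad=$((bad+1)); }
    fi
    return "$bad"
}

# Typical use before a restart (assumed path is csf's default):
#   check_dos_settings /etc/csf/csf.conf && csf -ra
```

The `&&` in the usage line is the point: csf only gets restarted when the file validates, so a typo in a PORTFLOOD entry cannot leave the server without its firewall rules half-loaded while you hunt for the mistake.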
 