[CSF-2] Some CSF, LFD Settings

Tram Ho

Today I will set up some features of CSF.

Open the config file and modify the settings below.

1. Protection from DoS attacks by limiting the number of accesses to ports

For example: CONNLIMIT = "22;5,80;20" means that port 80 (http) allows 20 connections from one IP, so a machine that sends continuous queries to the server and creates more than 20 connections will be blocked; port 22 (ssh) allows 5 connections per IP.

2. Port Flood Prevention

Monitor the total number of connections from an IP to a port over a specified period of time with the PORTFLOOD setting. The input value has the form

For example: PORTFLOOD = "80;tcp;100;5" means that an IP that connects to port 80 over TCP and creates up to 100 connections within 5 seconds will be blocked.

3. Prevention of SYN FLOOD

Where:

SYNFLOOD = "1" enables SYN flood protection.

SYNFLOOD_RATE = "75/s" sets the number of SYN packets per IP per second.

SYNFLOOD_BURST is the number of times an IP can reach SYNFLOOD_RATE before being blocked.
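The following Python is an added example, not code from the original post or from CSF: it parses the CONNLIMIT and PORTFLOOD values shown above into per-port rules, so a value can be checked before it goes into the config. The function names, the sample text, the tcp/udp check and the rejection of typographic quotes (easy to pick up when copying settings from a web page) are assumptions of this example.

```python
import re

# Constructed sample in the NAME = "value" style; the values are the ones from the text.
SAMPLE_CONF = '''
CONNLIMIT = "22;5,80;20"
PORTFLOOD = "80;tcp;100;5"
SYNFLOOD = "1"
SYNFLOOD_RATE = "75/s"
'''

SETTING_RE = re.compile(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"')

def read_settings(text):
    """Return {NAME: value}; reject typographic quotes pasted from a web page."""
    settings = {}
    for line in text.splitlines():
        if "\u201c" in line or "\u201d" in line:
            raise ValueError(f"typographic quotes in: {line.strip()}")
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def _port(s):
    port = int(s)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {s}")
    return port

def parse_connlimit(value):
    """'22;5,80;20' -> {22: 5, 80: 20}: port -> connections allowed per IP."""
    limits = {}
    for entry in filter(None, value.split(",")):
        port, limit = entry.split(";")
        limits[_port(port)] = int(limit)
    return limits

def parse_portflood(value):
    """'80;tcp;100;5' -> [(80, 'tcp', 100, 5)]: port, protocol, connections, seconds."""
    rules = []
    for entry in filter(None, value.split(",")):
        port, proto, hits, secs = entry.split(";")
        if proto not in ("tcp", "udp"):  # assumption of this example
            raise ValueError(f"unknown protocol: {proto}")
        rules.append((_port(port), proto, int(hits), int(secs)))
    return rules
```

A malformed entry (wrong number of fields, non-numeric port, port out of range) raises ValueError instead of being silently accepted.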

4. Open and close ports

5. Execute a script

By default, CSF checks the CPU's activity level to see whether it is overloaded. If it is, CSF executes a script we define. Suppose you create a script to restart Apache and save it at /restartapache.sh; remember to make it executable with chmod +x /restartapache.sh

The content of that script is just the command to restart Apache

To run the /restartapache.sh script every time the CPU is overloaded, edit the config:

6. Ban all IPs coming from a certain country

7. Block if login services fail

8. Block IP Spam list

CSF can block an entire list of IPs when the URL of that list is included in the file /etc/csf/csf.blocklists. You can open that file to add IP lists published by services that detect spam IPs.


Source : Viblo