How test LFD if it works?

How test LFD if it works? (ad when block my IP, how unblock?)

Happy New Year @rssperky

You probably want to start by changing config

nano /etc/csf/csf.conf || vi etc/csf/csf.conf

Look for directive TESTING = β€œ1” and set it to 0 why lfd will not start while this is enabled.

Set

LF_TRIGGER_PERM = "120"

To temporarily ban offenders for 2 minutes (so that you can test and still get access after a short time)

Then set

CT_LIMIT = "1"

Connection tracking checks how many connections a visitor is opening to your server. It’s effective in blocking small attacks. The setting above blocks any IP using more than 1 connection per second

Now adjust login protection for sshd

LF_SSHD = "1"
LF_SSHD_PERM = "1800"

Now using your ssh client try to access your root/sudo user account. Input the wrong password ofcourse you will not be let through. Try again with correct credentails and you will see you will not be able to log in meaning your ip has be blocked temporarily.

1 Like

After nano etc/csf/csf.conf
its an empty file. CSF have installed.

Sorry I missed a slash before the path /etc/csf/csf.conf

Is good idea to set LF_TRIGGER_PERM and LF_SSHD_PERM to 120000sec(33 hour) or more?
Or will be too big the log file and slow down server? I want ban 1 month minimum.

The value you put for directive LF_TRIGGER_PERM should ideally be the same as for directive LF_SSHD_PERM. It doesnt matter how long you prefer to block ip addresses. Set it as you wish

1 Like

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.