Page 1 of 1

allow to use ipset for temporary blocks

Posted: 18 Jun 2015, 16:17
by csurgi
Hi,

Now I have a server under my hand with csf with DENY_TEMP_IP_LIMIT=250.
250 entry is enough for about 4 minute denys, and there are rotated out.
But it's should deny IPs for 120/60/30/5 minutes...
Is there a way to support ipset for longer denies?

Regards

Re: allow to use ipset for temporary blocks

Posted: 27 Jul 2015, 18:24
by cron0
+1

this would be really useful to have. From a quick review of ipset's config parameters I don't see why this can't be implemented in csf/lfd.

It isn't rare to see 100s or even 1000s of IPs being blocked per hour when a large attack occur.

Re: allow to use ipset for temporary blocks

Posted: 23 Jun 2018, 07:47
by st41ker
Exactly!

This feature is needed 100%.
At least for me.
According to csf code there are differences between dotempdeny and dodeny.