Hi guys, many of you are already using CSF instead of stock iptables/fail2ban Hestia bundle.
Lupu did pretty decent job with firewall ipset integration in Hestia v1.2.0.
If you would like to achieve the very same functionality plus a lot more, then follow the below step-by-step tutorial, so that you don’t have to reinvent the wheel and/or say goodbye to CSF, but rather use its full potential.
- Installed CSF
- Installed ipset (apt install ipset)
Steps to enable IPset Blocking in CSF:
- nano /etc/csf/csf.conf
- Change “LF_IPSET” to “1”
- nano /etc/csf/csf.blocklists
- Append the below snippet
- csf -ra
CSF IPset Blocking snippet:
# Lupu’s Blacklists
You can now say goodbye to bruteforcers & spammers.
Don’t forget to share this tuto as well as Hestia among your sysadmin friends
- CSF + IPset
- Using Hestia’s firewall bundle