Configure global lists, dynamic DNS, and blocklist settings.
juggernaut --task=lfd::globallists
Option |
Value | Default | Description |
---|---|---|---|
--SAFECHAINUPDATE |
<1|0> | 0 | Enable the creation of a new chain when updating all dynamic update chains, and insert it into the relevant LOCALINPUT/LOCALOUTPUT chain, then flush and delete the old dynamic chain and rename the new chain. This option should not be enabled on servers with long dynamic chains and low memory or Virtuozzo VPS servers with a restricted numiptent value. |
--DYNDNS |
<0-86400> | 3600 | Allow access from dynamic DNS records by adding the FQDN records in /etc/csf/csf.dyndns and setting this option to the number of seconds to poll for a change in the IP address. If the IP address has changed iptables will be updated. Set the value to 0 to disable. |
--DYNDNS_IGNORE |
<1|0> | 0 | Ignore DYNDNS IP addresses in login failure daemon blocking. |
--LF_GLOBAL |
<digit> | 0 | The interval in seconds when you want the login failure daemon to retrieve IP allow and deny lists. You do not have to specify both an allow and a deny file. |
--GLOBAL_ALLOW |
<string> | The URL to a centralised copy of an IP allow list. | |
--GLOBAL_DENY |
<string> | The URL to a centralised copy of an IP deny list. | |
--GLOBAL_IGNORE |
<string> | The URL to a centralised copy of an IP ignore list. | |
--GLOBAL_DYNDNS_INTERVAL |
<60-86400> | 600 | The number of seconds to poll for a change in the IP address resolved from GLOBAL_DYNDNS. |
--GLOBAL_DYNDNS |
<string> | The URL to a centralised copy of a dynamic DNS entries list. | |
--GLOBAL_DYNDNS_IGNORE |
<1|0> | 0 | Always ignore GLOBAL_DYNDNS IP addresses in login failure daemon blocking. |
--LF_BOGON_SKIP |
<string1,string2> | Do not apply BOGON rules these specific network interfaces (comma separated e.g eth1,eth2). | |
--LF_BOGON_SKIP_add |
<string> | Add a single entry to LF_BOGON_SKIP. | |
--LF_BOGON_SKIP_del |
<string> | Remove a single entry from LF_BOGON_SKIP. | |
--URLGET |
<1-3> | 2 | How to retrieve URL data. HTTP::Tiny is much faster than LWP::UserAgent and is included in the csf distribution. LWP::UserAgent may have to be installed manually, but it can better support https:// URLs. We recommend setting this set to 2 for LWP::UserAgent as upgrades to CSF will be performed over SSL. |
--default |
<yes> | Reset all settings to their default values. | |
--default_option |
<option> | Reset a specific setting to its default value. | |
--restart |
<yes> | Restart the service after saving settings. |
// set the DYNDNS to 30 minutes
juggernaut --task=lfd::globallists --DYNDNS=1800 --restart=yes
// reset DYNDNS back to default
juggernaut --task=lfd::globallists --default_option=DYNDNS --restart=yes
// reset all settings back to default
juggernaut --task=lfd::globallists --default=yes --restart=yes