Blocklists and DynDNS

Dynamic DNS Settings

Safe chain update - SAFECHAINUPDATE
Enable the creation of a new chain when updating all dynamic update chains, and insert it into the relevant LOCALINPUT/LOCALOUTPUT chain, then flush and delete the old dynamic chain and rename the new chain. This option should not be enabled on servers with long dynamic chains and low memory or Virtuozzo VPS servers with a restricted numiptent value.
Default: 0 Range: 0-1

Dynamic DNS update interval - DYNDNS
Allow access from dynamic DNS records by adding the FQDN records in /etc/csf/csf.dyndns and setting this option to the number of seconds to poll for a change in the IP address. If the IP address has changed iptables will be updated. Set the value to 0 to disable.
Default: 21600 Range: 0-86400

Dynamic DNS ignore IP addresses in LFD blocking - DYNDNS_IGNORE
Ignore DYNDNS IP addresses in login failure deamon blocking.
Default: 0 Range: 0-1

Global List Settings

Global list update interval - LF_GLOBAL
The interval in seconds when you want the login failure daemon to retrieve IP allow and deny lists. You do not have to specify both an allow and a deny file.
Default: 0 Range: 0|60-604800

Global allow list URL - GLOBAL_ALLOW The URL to a centralised copy of an IP allow list.
Default: empty

Global deny list URL - GLOBAL_DENY
The URL to a centralised copy of an IP deny list.
Default: empty

Global ignore list URL - GLOBAL_IGNORE
The URL to a centralised copy of an IP ignore list.
Default: empty

Global DynDNS List Settings

Global dynamic DNS list update interval - GLOBAL_DYNDNS_INTERVAL
The number of seconds to poll for a change in the IP address resolved from GLOBAL_DYNDNS.
Default: 600 Range: 60-86400

Global dynamic DNS list URL - GLOBAL_DYNDNS
The URL to a centralised copy of a dynamic DNS entries list.
Default: empty

Global dynamic DNS list ignore IP addresses in LFD blocking - GLOBAL_DYNDNS_IGNORE
Always ignore GLOBAL_DYNDNS IP addresses in login failure daemon blocking.
Default: 0 Range: 0-1

Block List Settings

Skip BOGON rules for these NICs - LF_BOGON_SKIP Do not apply BOGON rules these specific network interfaces (comma separated e.g eth1,eth2).
Default: empty

URL data retrieval client - URLGET
How to retrieve URL data.
HTTP::Tiny is much faster than LWP::UserAgent and is included in the CSF distribution.
LWP::UserAgent may have to be installed manually, but it can better support https:// URLs. We recommend setting this set to 2 for LWP::UserAgent as upgrades to CSF will be performed over SSL.
Default: 2 Range: 1-2

Related Pages