Safe chain update - SAFECHAINUPDATE
Enable the creation of a new chain when updating all dynamic update chains, and insert it into the relevant
LOCALINPUT/LOCALOUTPUT chain, then flush and delete the old dynamic chain and rename the new chain. This option should
not be enabled on servers with long dynamic chains and low memory or Virtuozzo VPS servers with a restricted numiptent
value.
Default: 0 Range: 0-1
Dynamic DNS update interval - DYNDNS
Allow access from dynamic DNS records by adding the FQDN records in /etc/csf/csf.dyndns
and setting this option to the number of
seconds to poll for a change in the IP address. If the IP address has changed iptables will be updated. Set the value to
0 to disable.
Default: 21600 Range: 0-86400
Dynamic DNS ignore IP addresses in LFD blocking - DYNDNS_IGNORE
Ignore DYNDNS IP addresses in login failure deamon blocking.
Default: 0 Range: 0-1
Global list update interval - LF_GLOBAL
The interval in seconds when you want the login failure daemon to retrieve IP allow and deny lists. You do not have to
specify both an allow and a deny file.
Default: 0 Range: 0|60-604800
Global allow list URL - GLOBAL_ALLOW
The URL to a centralised copy of an IP allow list.
Default: empty
Global deny list URL - GLOBAL_DENY
The URL to a centralised copy of an IP deny list.
Default: empty
Global ignore list URL - GLOBAL_IGNORE
The URL to a centralised copy of an IP ignore list.
Default: empty
Global dynamic DNS list update interval - GLOBAL_DYNDNS_INTERVAL
The number of seconds to poll for a change in the IP address resolved from GLOBAL_DYNDNS.
Default: 600 Range: 60-86400
Global dynamic DNS list URL - GLOBAL_DYNDNS
The URL to a centralised copy of a dynamic DNS entries list.
Default: empty
Global dynamic DNS list ignore IP addresses in LFD blocking - GLOBAL_DYNDNS_IGNORE
Always ignore GLOBAL_DYNDNS IP addresses in login failure daemon blocking.
Default: 0 Range: 0-1
Skip BOGON rules for these NICs - LF_BOGON_SKIP
Do not apply BOGON rules these specific network interfaces (comma separated e.g eth1,eth2).
Default: empty
URL data retrieval client - URLGET
How to retrieve URL data.
HTTP::Tiny is much faster than LWP::UserAgent and is included in the CSF distribution.
LWP::UserAgent may have to be installed manually, but it can better support https:// URLs. We recommend setting this set
to 2 for LWP::UserAgent as upgrades to CSF will be performed over SSL.
Default: 2 Range: 1-2