
IP Block Lists

This feature allows csf/lfd to periodically download lists of IP addresses and CIDRs from published block or black lists. It is controlled by the file: /etc/csf/csf.blocklists

Uncomment the line starting with the rule name to use it, then restart csf and then lfd.

Each block list must be listed one per line, as NAME|INTERVAL|MAX|URL

  • NAME - List name with all uppercase alphabetic characters with no spaces and a maximum of 25 characters - this will be used as the iptables chain name
  • INTERVAL - Refresh interval to download the list, must be a minimum of 3600 seconds (an hour), but 86400 (a day) should be more than enough
  • MAX - This is the maximum number of IP addresses to use from the list, a value of 0 means all IPs
  • URL - The URL to download the list from

Note: Some of these lists are very long (thousands of IP addresses) and could cause serious network and/or performance issues, so setting a value for the MAX field should be considered.

After making any changes to this file you must restart csf and then lfd.

If you want to redownload a blocklist you must first delete /var/lib/csf/csf.block.NAME and then restart csf and then lfd.

The content downloaded from each URL is scanned for one IP/CIDR address per line, and each address found is blocked.
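
The field rules above can be checked before restarting csf and lfd. The following is an added example, not part of csf: it validates NAME|INTERVAL|MAX|URL lines and previews which addresses a downloaded list would yield under MAX. The function names, the http(s) URL check, the first-token-per-line parsing and the sample data are assumptions of this example.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Z]{1,25}")  # uppercase letters only, at most 25
MIN_INTERVAL = 3600                    # minimum refresh interval in seconds

def parse_entry(line):
    """Return (name, interval, max_ips, url) for an active entry, None for a
    blank or commented-out line; raise ValueError on a malformed entry."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split("|", 3)         # URL is last, so it may contain '|'
    if len(parts) != 4:
        raise ValueError("expected NAME|INTERVAL|MAX|URL")
    name, interval, max_ips, url = parts
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"bad NAME {name!r}")
    if not interval.isdecimal() or int(interval) < MIN_INTERVAL:
        raise ValueError(f"INTERVAL must be an integer >= {MIN_INTERVAL}")
    if not max_ips.isdecimal():
        raise ValueError("MAX must be a non-negative integer (0 = all)")
    if not url.lower().startswith(("http://", "https://")):
        raise ValueError("URL must be http(s)")  # assumption of this example
    return name, int(interval), int(max_ips), url

def extract_addresses(body, max_ips):
    """Collect one IP/CIDR per line from a downloaded list, honouring MAX."""
    found = []
    for raw in body.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        try:
            net = ipaddress.ip_network(tokens[0], strict=False)
        except ValueError:
            continue                   # comment, header or junk line
        found.append(str(net))
        if max_ips and len(found) >= max_ips:
            break                      # MAX reached; 0 means no limit
    return found

# Constructed sample data (not a real feed or a real csf.blocklists entry).
SAMPLE_ENTRY = "EXAMPLELIST|86400|2|https://blocklist.example/list.txt"
SAMPLE_BODY = ("; constructed feed\n192.0.2.0/24 ; note\n"
               "198.51.100.7\nnot-an-ip\n203.0.113.0/24\n")

if __name__ == "__main__":
    name, interval, max_ips, url = parse_entry(SAMPLE_ENTRY)
    print(name, interval, extract_addresses(SAMPLE_BODY, max_ips))
```

Running the preview with MAX set to 0 shows how many addresses the full list would add, which helps pick a MAX value for very long lists.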