{"id":603,"date":"2015-01-31T01:08:43","date_gmt":"2015-01-31T06:08:43","guid":{"rendered":"https:\/\/www.devolve.net\/blog\/?p=603"},"modified":"2015-01-31T01:08:43","modified_gmt":"2015-01-31T06:08:43","slug":"switching-from-apf-to-csf","status":"publish","type":"post","link":"https:\/\/www.devolve.local\/switching-from-apf-to-csf\/","title":{"rendered":"Switching from APF to CSF"},"content":{"rendered":"<p><img decoding=\"async\" loading=\"lazy\" src=\"http:\/\/configserver.com\/images\/csf\/csf_large.png\" width=\"317\" height=\"127\" alt=\"CSF logo\" class=\"alignnone\" \/>I was enjoying trying out APF on my Raspberry Pi, but I noticed that it wasn&#8217;t blocking repeat attackers the way I wanted it to. fail2ban was working the way it was supposed to work, but it only blocks temporarily, and I never figured out why the gamin back-end to continuously monitor log files didn&#8217;t work reliably. I tried to work around that with some extra iptables rules, but was still getting hammered by folks. It made me sad.<\/p>\n<p><a href=\"http:\/\/configserver.com\/cp\/csf.html\" title=\"ConfigServer Security &#038; Firewall\">ConfigServer Security &#038; Firewall<\/a>, CSF, has been great so far. Reading through the main config file takes time but that&#8217;s good because it&#8217;s so well documented. I admit I&#8217;m not digging the extensive tuning needed to stop the seemingly endless squawking about IDS-related features (process resources, funny process names, custom cron scripts, etc.) so for now that&#8217;s turned off. I may fine-tune it soon. <\/p>\n<p>Other things I like about CSF: optional automatic updates, built-in connection limits and rate limits, the idea of having separate allowed and ignored groups (allowed group may still be banned if not also in the ignored group, which is a nuanced distinction), lots of flexibility &#038; customization, and it also has IPSET support for ultra-fast rule matching!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was enjoying trying out APF on my Raspberry Pi, but I noticed that it wasn&#8217;t blocking repeat attackers the way I wanted it to. fail2ban was working the way it was supposed to work, but it only blocks temporarily, and I never figured out why the gamin back-end to continuously monitor log files didn&#8217;t [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[34,16,17,24,26],"_links":{"self":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts\/603"}],"collection":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/comments?post=603"}],"version-history":[{"count":2,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts\/603\/revisions"}],"predecessor-version":[{"id":605,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/posts\/603\/revisions\/605"}],"wp:attachment":[{"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/media?parent=603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/categories?post=603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devolve.local\/wp-json\/wp\/v2\/tags?post=603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}