How to increase DENY IP limit in CSF firewall In CSF firewall, old IP addresses will be automatically removed from /etc/csf/csf.deny file when the ‘DENY_IP_LIMIT ‘ is reached. An example is given below : root@server [~]# csf -d 192.168.1.1 csf: DENY_IP_LIMIT (200), the following IP’s were removed from /etc/csf/csf.deny In the above example you can see that DENY_IP_LIMIT is 200 so the oldest IP in csf.deny was removed when you tried to add a new IP to deny list. Do the below steps to increase deny IP limit in CSF firewall. Setting DENY limit to a very high value will slow down network and website. Make sure there is sufficient resources on the server before you increase this value. 1. Log into linux server via SSH as root 2. First take a backup of the CSF configuration file. cp -a /etc/csf/csf.conf /etc/csf/csf.conf.original 3. Edit CSF configuration using vi editor vi /etc/csf/csf.conf Change the below lines DENY_IP_LIMIT = “200” to DENY_IP_LIMIT = “500” DENY_TEMP_IP_LIMIT = “100”