@scotwnw Thanks for the info that helps a lot. Great tip about blocking subnets rather than using country blocking. I’ve never noticed a performance issue with country blocking despite clear warnings about it’s potential performance hit but I always enable LF_IPSET so maybe that is helping to avoid any issues. Is it a case of manually watching the logs and adding offending subnets?
As an experiment I enabled ST_ENABLE for system stats and now I can click a “View system statistics” button and it does show stats visually. I guess this indicates that the necessary graphical program in Ubuntu is there is working ok? I’ve been trying to get stats to show for lfd as in your screenshot (I had this working the same on a commerical host) but not working just yet on my Virtualmin install. I’d be very grateful If you let me know if you find out what’s needed to get it up and running.
Just to clarify though, I’m getting the message:
“No statistical data has been collected yet” when clicking the “View lfd statistics” button so I’d guess that suggests it has no data to display (or can’t access it) rather than not being able to display it.
Also, I’m wondering if the following from csf.conf (current settings and set by csf) are correct or match your settings:
HTACCESS_LOG = "/var/log/apache2/error.log"
MODSEC_LOG = "/var/log/apache2/error.log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/messages"
SUDO_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/mail.log"
IMAPD_LOG = "/var/log/mail.log"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/auth.log"
Sorry to bother you keep asking questions but one last thing - I haven’t benn able to find an answer to if csf requires the Webmin>Networking> “Linux Firewall” to be enabled on boot or disabled? I’m assuming it provides the “back end” for csf or does csf function entirely on it’s own and I need to disable “Linux Firewall”.