If you use CSF (ConfigServer Firewall) on a CPanel/WHM system and you block a lot of IP addresses, performance can degrade on your server.
One way to improve performance is to install IPSET and then plug that into CSF.
It’s a simple two-step process:
1. In WHM, go to Software -> Install an RPM, wait for it to load the package list and then scroll down to find ipset. Highlight ipset and then click on the Install button.
2. Go into CSF, click on Firewall Configuration, page down to General Settings, find the LF_IPSET item and set it to 1. Click the Change button at the bottom of the page and then click the Restart CSF+LFD button.
That’s it. If you have a large IP deny list or you’re doing country bans you should find things move a little quicker on your sever now.
Note: IPSET is not yet supported in Virtuzzo containers. According to this bug report it should be available from OpenVZ 3.10+ kernels.