What is LFD?

Short for Login Failure Daemon, LFD is a process that is part of the ConfigServer Security & Firewall (CSF) that periodically checks for potential threats to a server such as brute-force login attempts and if found blocks the IP address attempting to attack that server.

The log file of lfd is /var/log/lfd.log
You can grep the ip address from the lfd.log file and can easily understand that whether the block is permanent or temporary.

# csf -dr < ip>    Unblock an IP and remove from /etc/csf.deny
# csf -tr <ip>    Remove an IPs from the temp IP ban and allow list

Once the IP address removed one need to restart the Firewall…
To Restart Firewall one need to execute below mentioned command:

# csf -r

This entry was posted by Arun Ghosh. Bookmark the permalink.