Search found 11 matches
- 18 Nov 2020, 03:04
- Forum: General Discussion (csf)
- Topic: Adding a blocklist to /etc/csf/blocklists fails
- Replies: 0
- Views: 2786
Adding a blocklist to /etc/csf/blocklists fails
In csf.conf I have LF_IPSET = "1" LF_IPSET_HASHSIZE = "1024" LF_IPSET_MAXELEM = "65536" I have several public blocklists enabled, namely ABDE, BDEALL, SPAMDROP, etc., all of which have been working correctly on csf with ipset for several years. At this point, I don't re...
- 14 Nov 2020, 22:31
- Forum: Suggestions (csf)
- Topic: Custom ipset support
- Replies: 0
- Views: 4421
Custom ipset support
I have private custom ipset-managed blocklists on my system that get wiped out whenever csf is restarted,because, of course, csf is unaware of them. This poses a management problem. Is there some way to inform csf of the existence of these ipsets? I am only aware of the support in /etc/csf/csf.block...
- 07 Oct 2019, 23:57
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
Re: regex.custom.pm stopped working
Through the combination of strategic countries, ASN, and netblocks, I've reduced spam, email account attempts, and log size by 96%. I have similar results using CC_DENY plus blocklists SPAMDROP SPAMEDROP BDE BDEALL FULLBOGON (all run by IPset) Only a few ports are open on my server, the SSH port no...
- 07 Oct 2019, 22:02
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
Re: regex.custom.pm stopped working
What is the syntax of your port declaration? Presently: { return ("SMTP error 3",$1,"exim_main_error3","1","25","14400");} Have also used: { return ("SMTP error 3",$1,"exim_main_error3","1",$3,"14400");} And: ...
- 07 Oct 2019, 18:51
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
Re: regex.custom.pm stopped working
There are two categories of blocks: temporary and permanent (and permanent permanent). Your config will determine which are used and how. Be sure to read: ...... Temp blocks are stored in /var/lib/csf . Don't mess with these files. Permanent blocks are stored in deny.txt to the limit of DENY_IP_LIM...
- 04 Oct 2019, 22:44
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
Re: regex.custom.pm stopped working
I tested the changed regex file by catenating a line to the watched log. Sure enough, an entry was logged in lfd.log of the form: (myftpmatch) expected info [LF_CUSTOMTRIGGER] As a result, I am pretty sure it is now working. However, I have some more question related to this topic. Question 1: When ...
- 03 Oct 2019, 20:06
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
Re: regex.custom.pm stopped working
Suggestions: Verify that the log format or log message your rules are searching for have not changed. You nailed it! The lines I am searching begin with date/time. The logging application apparently added ms to the time. From: 2018-02-18 04:01:33 To: 2019-09-30 04:13:56.188 Just added " \.\d{3...
- 03 Oct 2019, 19:44
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
Re: regex.custom.pm stopped working
Never mind. I see I need to use -P. option There does appear to be some issue with the main pattern that was working previously.
- 03 Oct 2019, 19:23
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
Re: regex.custom.pm stopped working
Could you post a (very brief) example of a grep command to test my regex expression against one of my files? Or a pointer to somewhere that does? I have only used grep for trivial searching whole folders for brief phrases, etc. My regex uses PCRE syntax with various shortcuts, and tests whole line /...
- 02 Oct 2019, 22:43
- Forum: General Discussion (csf)
- Topic: regex.custom.pm stopped working
- Replies: 12
- Views: 10045
regex.custom.pm stopped working
I started using regex.custom.pm several years ago, with great success. However, for reasons unknown, it stopped working over a year ago. The regex.custom.pm didn't change. There have been changes to csf.conf, including automatic update changes. However, I have a copy of the conf file saved some mont...