Probably unneeded by most people, but I could use something like this. If it wouldn't add any bulk or anything that would cause problems, I'd really like to see this.
Would be good in case you have an IP under attack; you could examine tcpdump and see if there is a pattern in TTL, which there usually is with some DDoS tools/bots.
Or maybe advanced options for the PF feature that includes something...
I'm new to CSF and firewalls in general. I'm trying to complete a PCI scan and I was told by the company doing the scanning that I needed to block SYN packets to certain ports.
This is exactly what was said:
Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be configured to block all TCP...
I'm using CSF-LFD on all my servers, including my VPS servers and it's working very well... until dirwatch meets some huge files, like this can happen when I move a VPS from one server to another. In this case, a temp file is created in /tmp, whose size can be several GB, causing a high load when dirwatch is checking it.
Could this be possible that we can set a max size for the files to be...
Thank you very much for this product. We recommend it to all of our customers who request a powerful firewall that is simple to manage. I have two feature requests -- please correct me if they are already within the product.
1) Dovecot support. We typically set up our dedicated servers using Fedora or CentOS. We install PureFTP to be compliant with CSF, but we require Dovecot for...
I've been using a modified version of dos deflate to block connections with so many syn_recv, but it's not perfect. Only can run every minute and haven't really made a viable unban feature.
If there was a thing on CSF like connection tracking that parsed netstat for so many syn_recv connections per IP and banned the ones over the limit, I usually do 10 but sometimes it can ban legit users.
First of all I'd like to thank you for releasing such a wonderful piece of freeware; when I first used it, it just blew me - all those apf+bfd limitations are now finally solved through this neat software. It's just great!
But I'd still like to see a couple more features which I'm sure a lot of the more advanced users will appreciate. And I don't think they are hard to implement:...
Hi guys, I have 2 servers, CSF on both of them. I allowed the IPs to one another, and they really do create a lot of connections between them. Yet I woke up this morning and saw 760 messages telling me that the IP xx.x.x.x had 333 connections and it was blocked. It was NOT blocked, but I still got spammed.
I don't want to disable the mail alert, because that is cool, but I want to receive...
I'm not sure this has been discussed but here goes:
I've noticed that since we don't use SSH password auth we don't get Bruteforce IPs blocked for SSH. I suppose it makes sense if an RSA auth failure isn't classified as a login failure (I'm thinking out loud there as I'm not sure on the technical side myself yet).
Personally, I would rather see these IPs banned permanently than to get...
I know the feature exists to have a centralized IP deny/allow list but what about having a clustered one?
For example, we host our servers on the same network. So what would be nice is if one server denies/allows an IP, the other servers pick up the IP and perform the same action.
It might sound easier on paper but certainly a noteworthy feature.
How can I get the firewall BLOCKED messages to log to /var/log/firewall instead of /var/log/messages? And how do I add that file to log rotation? Is there a way to specify the log file or the Syslog level and then modify /etc/syslog.conf?
I have started blocking large IP ranges to cut down on spam from spam-friendly countries. It would be nice if CSF had an interface for selecting a country like China and having all the IPs for that country added to the firewall deny list.
Just a thought. I don't know how many people are blocking countries like I am.
Could you set it so that an email won't be sent whenever there is no update available? It's annoying to see that mail almost every day. It serves no purpose really; if it isn't updated, why should I need to know about it? No email would mean that there is no update available. I hope you make this change or at least give an option. Thanks, keep up the great work. :)