csf.conf has DROP_NOLOG which modifies the firewall and does not log.
Please consider adding a NOLOG option where I can list ports whose existing firewall options are not logged.
For example:
Code: Select all
NOLOG="25"
Some of the web sites in question don't have an MX record, so when a valid mail server goes to send an email to the domain name, it ends up going to the web server IP (TCP 25) as a default given no MX.
The firewall doesn't allow the activity which is good; BUT after x attempts, CSF / LFD is sending out a brute force alert and a arf report.
I would rather have such events handled, but no logging or reporting.
Thank you.