wondering if is a bug

arteryplanet · Post by **arteryplanet** » 21 Nov 2007, 21:21

I have configured for some time now to only block the specific service, but has been many clients that contacted me saying they are blocked in the entire server, no matter if they only attempted to login many times through ftp looks like they are being blocked in the entire server. Any idea?

i have:

LF_TRIGGER =0
LF_TRIGGER_PERM =1
LF_SELECT =1

and for service for example
LF_FTPD =8
LF_FTPD_PERM =3600

Thank you in advance!

arteryplanet · Post by **arteryplanet** » 27 Nov 2007, 20:43

Anyone have any idea about this?

arteryplanet · Post by **arteryplanet** » 08 Dec 2007, 16:33

Any idea about this chirpy?

Thanx!

sdjl · Post by **sdjl** » 09 Dec 2007, 11:26

The way the blocking works is you can setup a temporary block by setting LF_TRIGGER to 0.
It then takes into account how many attempts you want each service to permit and how long the block should be for. It won't block you from just that service, but the entire server.

David

arteryplanet · Post by **arteryplanet** » 09 Dec 2007, 14:38

Hi, thanx for the reply, but as far as i can read and understand the following:

# To only block access to the failed application instead of a complete block
# for an ip address, you can set the following to "1", but LF_TRIGGER must be
# set to "0" with specific application[*] trigger levels also set

It should block the access to that specific service and not the entire server.

So hope Chirpy see this and give us a clarification about it.

Thanx!

Post by **chirpy** » 10 Dec 2007, 10:22

Your configuration should be correct (I presume that you do actually have double-quotes around those values in your csf.conf file as you haven't shown them here).

When they're blocked, what do you see with:

csf -t

As it ought to show the IP blocked only on the specific port and not an *