Has any thought been considered into allowing Include statements in the ignore files (csf.ignore, csf.pignore, etc)?
The current Include system seems to only work in the csf.allow and csf.deny files.
Include statements in ignore files
Re: Include statements in ignore files
This would be very handy when you have dozens of servers and you want to distribute a standard set of ignored IPs but still want to be able to make local amendments.
Include in csf.ignore and csf.pignore please!!!!
Include in csf.ignore and csf.pignore please!!!!
Re: Include statements in ignore files
StatusCake recommends dynamically adding their list of IPs to the firewall... except we can't do that programmatically with CSF because csf.ignore doesn't support Include.
The simplest solution would be to have a simple Include line in csf.ignore, then run a script that obtains the latest list of StatusCake IP addresses every week or so.
Include /etc/csf/csf.statuscake
However without the ability to Include files, I see no way to make this happen.
Would love to have this feature added for this reason alone. Or perhaps CSF could have an "Ignore status monitors" option and a folder that contains files like statuscake and uptimerobot with lists of their IPs within.
-Jordan
The simplest solution would be to have a simple Include line in csf.ignore, then run a script that obtains the latest list of StatusCake IP addresses every week or so.
Include /etc/csf/csf.statuscake
However without the ability to Include files, I see no way to make this happen.
Would love to have this feature added for this reason alone. Or perhaps CSF could have an "Ignore status monitors" option and a folder that contains files like statuscake and uptimerobot with lists of their IPs within.
-Jordan
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: Include statements in ignore files
csf has supported file Include statements in csf.ignore since v5.60
Re: Include statements in ignore files
CSF does slurp includes from the csf.ignore as a part of CSF. This bit's not reflected in the readme as of v12.01 - lines 275-277 should likely be changed to also mention csf.ignore.
LFD does *not* slurp additional lines from Include files in the same fashion. For consistency, could that be added?
LFD does *not* slurp additional lines from Include files in the same fashion. For consistency, could that be added?
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: Include statements in ignore files
We'll update the readme to reflect that csf.ignore can use Includes
lfd does slurp the Includes in the same way as csf.
lfd does slurp the Includes in the same way as csf.
Re: Include statements in ignore files
Forgive me, I left out what I meant to say before - it'd be nice to parse includes on /etc/csf/csf.pignore - which I think would only apply to lfd, but in looking I totally see I made no mention of that.
And I may have been incorrect, it may totally do it right now.
But on the second point - around line 884 of lfd, I'm not seeing lfd loading that. And stracing lfd as it loads up, I don't see it touching a file from an include line.
I see how it's done in csf, and it's there for csf for the other include files. It'd be nice to have that for lfd also though - we run an RPM for firewall whitelists internally, plus it'd be nice to do something similar for common control panels anyway.
And I may have been incorrect, it may totally do it right now.
But on the second point - around line 884 of lfd, I'm not seeing lfd loading that. And stracing lfd as it loads up, I don't see it touching a file from an include line.
I see how it's done in csf, and it's there for csf for the other include files. It'd be nice to have that for lfd also though - we run an RPM for firewall whitelists internally, plus it'd be nice to do something similar for common control panels anyway.
-
ForumAdmin
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: Include statements in ignore files
We're going to increase the number of files that support Includes from 3 to 23 in the next release.