Csf v3.06 (generic)
It seems Lfd bans each IP 2 times in about 40 seconds one after another.
e.g. this log:
Fri Feb 8 15:47:26 2008 lfd: (CT) IP 81.174.65.77 found to have 186 connections - *Blocked in csf* for 10800 secs
Fri Feb 8 15:47:26 2008 lfd: (CT) alert email sent for 81.174.65.77
Fri Feb 8 15:48:07 2008 lfd: (CT) IP 81.174.65.77 found to have 109 connections - *Blocked in csf* for 10800 secs
Fri Feb 8 15:48:07 2008 lfd: (CT) alert email sent for 81.174.65.77
and it actually adds the IP to iptables 2 times and sends 2 emails.
CT configuration:
CT_LIMIT = "100"
CT_INTERVAL = "50"
CT_EMAIL_ALERT = "1"
CT_PERMANENT = "0"
CT_BLOCK_TIME = "10800"
CT_SKIP_TIME_WAIT = "0"
CT_STATES = ""
Do you think this is a bug, or a too-low checking interval?
Thanks,
-Vano
Probably a Connection Tracking bug
Thanks for your advice, I have upgraded to CSF v3.10 (generic), that is the latest I suppose.
However I still see that issue, but now it bans each IP address 10 times (10 emails, 10 entries in tempban and iptables - per each IP address).
What information would you recommend providing to help identify the issue?
Thanks,
-Vano