This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
This is starting to drive me nuts. I have several lines of custom IPs in csf.deny. They are placed above the section that CSF records entries to. Every few days they all completely disappear, but the entries that were placed there by CSF are untouched. An example is below - all IPs above the line that begins with "Begin Firewall Blocks" will be removed, though oddly enough, the commented out headinhs remain - only the IPs get removed. Is anyone else having this issue??
# Begin fti.net from Amsterdam
193.252.149.15
193.252.149.16
81.52.143.15
81.52.143.16
#
# Begin Performance Systems International Inc
38.0.0.0/8
#
# Begin internetserviceteam.com
89.149.241.98
217.20.127.121
#
# Begin spider5.picsearch.com (Europe)
217.212.224.145
217.212.224.169
#
# Begin Firewall Blocks
64.41.168.254 # lfd: 10 (cpanel) login failures from 64.41.168.254 - Thu Jan 3 09:28:43 2008
64.14.3.216 # lfd: 10 (whm,webmail,ftpd,sshd,cpanel) login failures from 64.14.3.216 - Fri Jan 4 00:19:27 2008
please note this will only work untill the csf deny limit is reached, to ensure your rules never get deleted i recommend using the global_deny file configuration for permanant rules as it is never changed by csf
