In /etc/csf/csf.ignore I have, for example:
127.0.0.1
123.456.789.0/24
234.567.890.0/24
But if I ssh in from 123.456.789.32, it still triggers an SSH email alert. I restarted both csf and lfd, but it still triggers the alert. Thoughts?
possible bug with csf.ignore
In the csf.ignore file it states: CIDR addressing _not_ allowed
robm wrote: In /etc/csf/csf.ignore I have, for example:
127.0.0.1
123.456.789.0/24
234.567.890.0/24
But if I ssh in from 123.456.789.32, it still triggers an SSH email alert. I restarted both csf and lfd, but it still triggers the alert. Thoughts?
so what you have will not work, CIDR/Masking doesn't work in this file
Mickalo
2.61 csf.ignore file has:
# The following IP addresses will be ignored by all lfd checks
# One IP address per line
# CIDR addressing allowed with a quaded IP (e.g. 192.168.254.0/24)
# Only list IP addresses, not domain names (they will be ignored)
So I thought it was allowed as the comments seem to indicate it, and lfd.pl checks against cidr code from what I can tell. If it's a typo in the config file, just let me know. Thanks.
CIDR blocks were added to csf.ignore and it does work when I try it, so I don't know why it isn't working for you so long as you're running the latest csf - also make sure you're adding it to /etc/csf/csf.ignore
If you want, you can log a ticket on our helpdesk with SSH access details and I'll add some debug code to see if I can see why it isn't happening.
My mistake. My csf.ignore must be an older file, it still states it does not allow CIDR IPs.
robm wrote: 2.61 csf.ignore file has:
So I thought it was allowed as the comments seem to indicate it, and lfd.pl checks against cidr code from what I can tell. If it's a typo in the config file, just let me know. Thanks.
Mickalo
Running the latest version, generic linux, and running both csf -r and service lfd restart after each change.
ok, some more testing. With this in /etc/csf/csf.ignore:
127.0.0.1
123.45.0.0/16
If I ssh in from 123.45.32.15 it does not send an email, which is expected.
If I put this in /etc/csf/csf.ignore:
127.0.0.1
123.45.0.0/16
67.89.0.0/16
and I ssh in from 67.89.104.78, I do get an email, which I shouldn't. Seems to be a problem with handling multiple CIDR lines, possibly? If you need me to test anything, run a debug version, etc... just let me know.
Rob
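An added example, not part of the thread and not csf/lfd code: a stand-alone Python check of which csf.ignore line, if any, should cover a given source address, run against the two-CIDR test file from the last post. The function names are hypothetical and the `#` comment handling is an assumption based on the file header quoted earlier; the result is the expected outcome to compare against what lfd actually does.

```python
import ipaddress

# Constructed sample: the second test file from the thread, plus one of the
# placeholder-style entries from the first post (octets above 255).
SAMPLE_IGNORE = """\
# One IP address per line
127.0.0.1
123.45.0.0/16
67.89.0.0/16
123.456.789.0/24
"""

def parse_ignore(text):
    """Split ignore-file text into usable networks and rejected entries.

    Returns (networks, rejected); both are lists of (line_number, value).
    Assumption: '#' starts a comment and blank lines are skipped.
    """
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # A bare address becomes a /32 (or /128) network.
            net = ipaddress.ip_network(entry, strict=False)
            networks.append((lineno, net))
        except ValueError:
            # Domain names and malformed addresses end up here.
            rejected.append((lineno, entry))
    return networks, rejected

def matching_line(ip, networks):
    """Return the line number of the first entry covering ip, else None."""
    addr = ipaddress.ip_address(ip)
    for lineno, net in networks:
        if addr in net:  # False when IP versions differ
            return lineno
    return None

if __name__ == "__main__":
    nets, bad = parse_ignore(SAMPLE_IGNORE)
    for src in ("123.45.32.15", "67.89.104.78", "192.0.2.1"):
        print(src, "-> line", matching_line(src, nets))
    for lineno, entry in bad:
        print("line", lineno, "is not a valid IP/CIDR:", entry)
```

Every valid line should be checked regardless of its position, so the second CIDR entry is expected to match just as the first does.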