CSF.0/24 allows further blocking of IPs within the cluster
Posted: 12 Apr 2019, 18:14
Hello,
If Csf has already blocked in cluster an IP of C-Class, then it should not send one more request of an IP deny with -cd or even accept locally -d. I have a huge problem that there are doubles, one from 0/24 and then hundreds of IPs belonging to this chain.
Consequently, there are thousands of IPs in the csf.deny file.
I have csf on CentOS 7.3. The C-Class blocking is activated after four blockings of IPs in that chain occur. That means the fifth one activates 1.1.1.0/24 blocking. This is working fine too. But CSF accepts the sixth one for blocking and sends it in cluster.
Of course, Csf may not use -g before sending. But if the configuration is that it should send one deny request in cluster, then it _MUST_ assume that the fifth deny was sent in cluster earlier and, thus, not send it.
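
An added illustration, not part of the original post and not CSF's own code: this sketch audits a csf.deny-style list for single addresses that are already covered by a wider entry such as the 0/24 block described above, and performs the same coverage check for a new IP before a deny is sent. It assumes plain `address # comment` lines; the sample data and all function names are constructed for the example.

```python
import ipaddress

# Constructed sample in the plain "address # comment" layout (not real data).
SAMPLE_DENY = """\
# constructed sample
1.1.1.5 # lfd: (sshd) Failed SSH login - constructed
1.1.1.0/24 # lfd: netblock deny - constructed
1.1.1.77 # Cluster member deny - constructed
1.1.1.200 # Cluster member deny - constructed
2.2.2.9 # lfd: (smtpauth) - constructed
tcp|in|d=22|s=3.3.3.3 # advanced filter, skipped by this audit
"""

def parse_entry(line):
    """Return an ip_network for a plain IP/CIDR entry, else None."""
    field = line.split("#", 1)[0].strip()
    if not field:
        return None  # blank line or pure comment
    try:
        return ipaddress.ip_network(field, strict=False)
    except ValueError:
        return None  # anything that is not a bare address or CIDR

def load(text):
    """Collect every plain IP/CIDR entry in the list as a set of networks."""
    parsed = (parse_entry(line) for line in text.splitlines())
    return {net for net in parsed if net is not None}

def covering_entry(net, nets):
    """Return the narrowest listed network strictly wider than net, or None."""
    # Walking the supernets costs at most 32 (IPv4) or 128 (IPv6) set lookups,
    # so a list with thousands of entries is still checked quickly.
    for prefix in range(net.prefixlen - 1, -1, -1):
        wider = net.supernet(new_prefix=prefix)
        if wider in nets:
            return wider
    return None

def find_redundant(text):
    """Map each entry that a wider entry already covers to that wider entry."""
    nets = load(text)
    covered = {}
    for net in nets:
        wider = covering_entry(net, nets)
        if wider is not None:
            covered[str(net)] = str(wider)
    return covered

if __name__ == "__main__":
    for entry, wider in sorted(find_redundant(SAMPLE_DENY).items()):
        print(f"{entry} is already covered by {wider}")
```
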