ConfigServer Community Forum

We use csf+lfd and the Directadmin Bruteforce detector. when the da bruteforce detector "detects" it runs this command

c s f -d $ip Added by DA BruteForce monitor

we noticed that with this method the c s f . p l does not check the csf.ignore but only the csf.allow as the bruteforce detector is a bit like lfd, then i would assume in this case it should also check the csf.allow and the csf.ignore to prevent unwanted blocking of ip's.

as i can imagine i dont want to specify an allow for ports or all ports but i do want the "default allowed ports" from the csf.config and have the ip in the csf.ignore

Thanks

Good day:

My understanding of csf.ignore is that only LFD interacts with it; and it is more or less a form of a white list. It does not open any ports that are not otherwise unopen for those IP's... it just doesn't ban them if LFD detects something that would be banable.

This means direct commands like "csf -d" is going to ignore csf.ignore.

Therefore, your best bet, if csf.ignore matters, is to write a wrapper whereby you would check csf.ignore prior to issuing a csf -d.

Thank you.

Yup, csf.ignore is for lfd to use to avoid blocking listed IP addresses. We will consider adding a check in csf for csf.ignore, though, for this type of scenario, either within -d or as a new option.

Support for this was added to v5.60:
http://blog.configserver.com/index.php?itemid=667

thanks