First of all I'd like to thank you for releasing such a wonderful piece of freeware; when I first used it, it just blew me away - all those apf+bfd limitations are now finally solved through this neat software. It's just great!
But I'd still like to see a couple more features which I'm sure a lot of the more advanced users will appreciate. And I don't think they are hard to implement:
1. Ability to filter connections based on owner/group id - I see you already use the "owner" module for the SMTP_BLOCK feature, so adding some code to inspect 2 more files like "csf.owner_allow" and "csf.owner_deny" should be pretty straightforward.
I'd surely like to see this in a future release as there are some applications out there that use random source and destination ports and allowing them to initiate connections is practically impossible at the moment.
2. A new config file (csf.user_rules) that should contain user defined iptables rules - I'd like to have a file where I'd put my own rules but still benefit from csf's powerful setup. Basically the file would look like this:
table,chain,line_number,iptable_command_here
These are some of my suggestions and I hope they will prove useful in the future to more users, not just me.
Keep up the good work!
Mihai
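
Added example, not part of the original post and not csf code: a sketch of how a loader could validate the proposed `table,chain,line_number,iptable_command_here` lines before anything reaches iptables. It assumes the fourth field is a rule specification inserted with `iptables -t <table> -I <chain> <line_number>`; the names `parse_rule` and `load_rules` and the list of refused options are hypothetical.

```python
import re
import shlex

TABLES = {"filter", "nat", "mangle", "raw", "security"}  # built-in tables
CHAIN_RE = re.compile(r"[A-Za-z0-9_-]{1,28}")
# Options that would contradict the table/chain/position fields (policy choice).
FORBIDDEN = {"-t", "--table", "-A", "--append", "-I", "--insert",
             "-D", "--delete", "-F", "--flush", "-P", "--policy"}

def parse_rule(line):
    """Return an iptables argv list for one line, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Split on the first three commas only: the rule itself may contain
    # commas, as in "--dports 80,443".
    parts = [p.strip() for p in line.split(",", 3)]
    if len(parts) != 4:
        raise ValueError("expected table,chain,line_number,rule")
    table, chain, pos, spec = parts
    if table not in TABLES:
        raise ValueError(f"unknown table {table!r}")
    if not CHAIN_RE.fullmatch(chain):
        raise ValueError(f"bad chain name {chain!r}")
    if not re.fullmatch(r"[1-9][0-9]{0,4}", pos):
        raise ValueError(f"bad line number {pos!r}")
    args = shlex.split(spec)  # tokens for an argv list; no shell is involved
    if not args:
        raise ValueError("empty rule")
    if FORBIDDEN.intersection(args):
        raise ValueError("rule overrides table, chain or action")
    return ["iptables", "-t", table, "-I", chain, pos] + args

def load_rules(text):
    """Parse a whole file; collect errors per line instead of stopping at the first."""
    rules, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            argv = parse_rule(line)
            if argv:
                rules.append(argv)
        except ValueError as exc:
            errors.append((n, str(exc)))
    return rules, errors

# Constructed sample: an owner-match rule, a rule containing a comma, a bad table.
SAMPLE = """\
filter,OUTPUT,1,-p tcp -m owner --uid-owner 1001 -j ACCEPT
filter,INPUT,2,-p tcp -m multiport --dports 80,443 -j ACCEPT
bogus,INPUT,1,-j DROP
"""
RULES, ERRORS = load_rules(SAMPLE)
```

Each returned list is meant to be passed as an argument vector (for example to `subprocess.run`) rather than joined into a shell string, so quoting in the file cannot turn into command injection.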