csf features additions
Posted: 13 Dec 2006, 22:42
Hi,
First of all I'd like to thank you for releasing such a wonderful piece of freeware; when I first used it, it just blew me away - all those apf+bfd limitations are now finally solved through this neat software. It's just great!
But I'd still like to see a couple more features which I'm sure a lot of the more advanced users will appreciate. And I don't think they are hard to implement:
1. Ability to filter connections based on owner/group id - I see you already use the "owner" module for the SMTP_BLOCK feature, so adding some code to inspect 2 more files like "csf.owner_allow" and "csf.owner_deny" should be pretty straightforward.
I'd surely like to see this in a future release as there are some applications out there that use random source and destination ports and allowing them to initiate connections is practically impossible at the moment.
2. A new config file (csf.user_rules) that should contain user defined iptables rules - I'd like to have a file where I'd put my own rules but still benefit from csf's powerful setup. Basically the file would look like this:
Code:
table,chain,line_number,iptable_command_here
or something like that. I think the fields are pretty self-explanatory.
These are some of my suggestions and I hope they will prove useful in the future to more users, not just me.
Keep up the good work!
Mihai
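Added example, not part of the original post and not csf code: a sketch of how a loader for the proposed csf.user_rules format could validate each line and build an iptables argument list without passing user text through a shell. It assumes the fourth field is the rule's match and target specification, that line_number is an insert position, and that only the four standard tables are allowed; the function names and the sample file are hypothetical.

```python
import re
import shlex

TABLES = {"filter", "nat", "mangle", "raw"}          # assumption: standard tables only
CHAIN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*$")   # this example's own naming policy
# Options that pick the table or the operation; fields 1-3 already decide those.
RESERVED = set("-t --table -A --append -I --insert -D --delete -R --replace -F --flush "
               "-P --policy -N --new-chain -X --delete-chain -E --rename-chain".split())

def parse_rule(line):
    """Turn one 'table,chain,line_number,rule' line into an iptables argv list."""
    parts = line.split(",", 3)  # the rule itself may contain commas (--dports 80,443)
    if len(parts) != 4:
        raise ValueError("expected 4 comma-separated fields")
    table, chain, pos, spec = (p.strip() for p in parts)
    if table not in TABLES:
        raise ValueError(f"unknown table {table!r}")
    if not CHAIN_RE.match(chain):
        raise ValueError(f"bad chain name {chain!r}")
    if not re.fullmatch(r"[1-9][0-9]*", pos):
        raise ValueError(f"bad line number {pos!r}")
    tokens = shlex.split(spec)  # tokenised here, so no shell ever parses the rule
    bad = [t for t in tokens if t in RESERVED]
    if not tokens or bad:
        raise ValueError(f"reserved option {bad[0]!r}" if bad else "empty rule")
    return ["iptables", "-t", table, "-I", chain, pos] + tokens

def parse_user_rules(text):
    """Return (argv_lists, errors) for a whole file; comments and blanks are skipped."""
    commands, errors = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            commands.append(parse_rule(line))
        except ValueError as exc:  # also covers unbalanced quotes from shlex
            errors.append(f"line {n}: {exc}")
    return commands, errors

# Constructed sample file, not taken from csf.
SAMPLE = """\
# table,chain,line_number,iptables rule
filter,OUTPUT,1,-p tcp -m owner --uid-owner 500 -j ACCEPT
filter,INPUT,2,-p tcp -m multiport --dports 80,443 -j ACCEPT
filter,INPUT,1,-j ACCEPT -t nat
bogus,INPUT,1,-j DROP
"""
```

Each returned list is meant to be run as an argument vector (for example with subprocess.run and no shell), so a rule line cannot smuggle in a second command or retarget another table.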