ConfigServer Community Forum

Is there any way currently to include additional ip blocklists into csf.deny via external files?

I know csf.blocklists can download lists, but I am talking about local files that csf would not touch other than to import them when csf.deny is loaded

Such lists would be treated as "do not delete" by default.

Wondering if I missed a feature somewhere or have to request it.

Could I abuse the /etc/csf/csf.block.NAME files for this purpose?

If I make a /etc/csf/csf.block.example file will csf import it even if there isn't a rule in csf.blocklists for it?

Will it leave the file alone and never delete it?

Oh I see they moved to /var/lib/csf/csf.block.NAME

If you use the following format in /etc/csf/csf.deny:
You can then list using the same format as for csf.deny in that file and they will never be cleared down.

Oh that is absolutely perfect. Somehow missed that in the documentation. Thanks!

So to be clear they do NOT need the "do not delete" and that include line will never be removed and those external lists will never be trimmed.

It would probably be greedy to wish for them to support wildcards, ie.
Include /some/other/*.blocklists

You do not need "do not delete". It does not do wildcards.

One last question on this (sorry) do included files count against DENY_IP_LIMIT ?

I suspect not, but want to be certain.

Also discovered you can do includes inside included files, nice.

They do not count against that limit.