Page 1 of 1

Manual block only send to cluster

Posted: 04 Feb 2016, 19:57
by Black Tiger
This post is either posted in the suggestions by me by accident, or moved there without any comment to it. If you move again, please state why it's not a bug.
This is not a suggestion however, it's a bug. Not working as should be = a bug.

I wanted to block an ip on my current server and on the cluster servers, so I use the command like this:
csf -cd 82.146.54.128

But the ip is only blocked on the remote server (cluster server) but not on the local server where I issued the command. However the manual says this:
-cd, --cdeny ip
Deny an IP in a Cluster and add to /etc/csf/csf.deny
So the ip should also be added to the csf.deny but this does not happen.
CSF v.8.12 on an Directadmin server with Centos 6.x.

From the other cluster server, I tried to do a block of a complete range like 91.200.12.0/22 and it only said "send to cluster" but nothing even got send. So this does not even work at all with ranges.

This is all reproducable!

Re: Manual block only send to cluster

Posted: 06 Feb 2016, 12:18
by ForumAdmin
You have misunderstood the documentation, which we will look at making clearer. It should read more like:
"Deny an IP in a Cluster and add to each remote /etc/csf/csf.deny". The feature does not and will not deny on the server that the command is run on, you would still need to block locally.

Re: Manual block only send to cluster

Posted: 06 Feb 2016, 13:51
by Black Tiger
The documentation explained it wrong. It says "and add to /etc/csf/csf.deny". And a cluster is all machines not only the remote ones.
Anyway, thank you for explaining this doc error.

In that case will add to the suggestion, to also make something like this for ip ranges.