
Temp to perm ban works until you remove the IP

Posted: 23 Mar 2016, 23:16
by cloudseeder
This bug is back in version 8.16. The current problem is that if you have a DENY_IP_LIMIT set, when an IP address is pushed out of the list it is not being removed from /var/csf/csf/tempip. Since the record has the PERM flag set, the bad IP address will never be banned again. Here's the code from CSF that removed the IP address from /etc/csf/csf.deny:

    print "csf: DENY_IP_LIMIT ($config{DENY_IP_LIMIT}), the following IP's were removed from /etc/csf/csf.deny:\n";
    for (my $x = 0; $x < ($ipcount - $config{DENY_IP_LIMIT})+1;$x++) {
        print "$denyips[$x]\n";
        my ($kip,undef) = split (/\s/,$denyips[$x],2);
        &linefilter($kip, "deny", "", 1);
    }

That's it. It never touches /var/lib/csf/csf.tempip. And that important message is lost since LFD doesn't capture it and log it.

Re: Temp to perm ban works until you remove the IP

Posted: 24 Mar 2016, 09:35
by ForumAdmin
That code and DENY_IP_LIMIT are related to permanent bans in /etc/csf/csf.deny and have nothing to do with temporary bans in /var/csf/csf.tempip, which is controlled by DENY_TEMP_IP_LIMIT, so I don't see what issue you are referring to.

You need to explain in much more detail exactly what problem you are seeing and the steps to recreate it.

Re: Temp to perm ban works until you remove the IP

Posted: 24 Mar 2016, 13:21
by cloudseeder
Sorry. In my head it's perfectly clear :-) But, I've been looking at the code paths for hours. Here's what happens.

1. The IP address is moved from temp ban to perm ban status via some rule
2. The IP address is removed from the temp ban list (csf -tr) but not from /var/lib/csf/csf.tempip
3. LFD issues a csf -d to block the address but finds the perm ban list (limited to 200) is full.
4. It pushes out the oldest entries and correctly blocks the new IP address but never does what a csf -dr does (a dokill) which removes the entry from csf.tempip.

The IP addresses which were pushed out of csf.deny have the perm flag set (in csf.tempip) so they are forever whitelisted as they are never correctly removed from csf.tempban and never blocked again.
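
The sequence in the post above, replayed in a small Python model (an added example, not part of the original post and not CSF code). The class, the `perm` field and the `clear_on_evict` switch are hypothetical stand-ins for csf.deny, the csf.tempip record and the missing cleanup; the "skip if already flagged" check models the behaviour as the poster describes it.

```python
class BanModel:
    """Toy model of the state in the thread; not CSF's real data format."""

    def __init__(self, deny_ip_limit, clear_on_evict):
        self.limit = deny_ip_limit
        self.clear_on_evict = clear_on_evict  # False = behaviour as reported
        self.deny = []    # stands in for /etc/csf/csf.deny, oldest entry first
        self.tempip = {}  # stands in for csf.tempip: ip -> {"perm": bool}

    def escalate(self, ip):
        """Temp ban -> perm ban (steps 1-4). Returns False if the ban is skipped."""
        rec = self.tempip.setdefault(ip, {"perm": False})
        if rec["perm"]:
            return False  # record already flagged permanent: no new block issued
        rec["perm"] = True
        while len(self.deny) >= self.limit:  # DENY_IP_LIMIT reached
            evicted = self.deny.pop(0)       # oldest entry is pushed out
            if self.clear_on_evict:          # the cleanup the thread says is missing
                self.tempip.pop(evicted, None)
        self.deny.append(ip)
        return True

    def stale_perm_records(self):
        """Audit: IPs flagged perm in the record store but absent from the deny list."""
        return sorted(ip for ip, rec in self.tempip.items()
                      if rec["perm"] and ip not in self.deny)


def replay(clear_on_evict):
    """Fill a 2-entry deny list, evict the oldest IP, then let that IP return."""
    model = BanModel(deny_ip_limit=2, clear_on_evict=clear_on_evict)
    for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):  # constructed sample IPs
        model.escalate(ip)                   # third ban evicts 192.0.2.1
    rebanned = model.escalate("192.0.2.1")   # evicted offender triggers a rule again
    return rebanned, model.stale_perm_records()


if __name__ == "__main__":
    print("as reported:", replay(clear_on_evict=False))
    print("with cleanup:", replay(clear_on_evict=True))
```

The `stale_perm_records` check is the useful part for an operator: any IP it returns is marked permanent in the record store but is no longer blocked by the deny list.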

Re: Temp to perm ban works until you remove the IP

Posted: 24 Mar 2016, 16:08
by ForumAdmin
I can see what you are referring to now and we will investigate a fix for the next release.

Re: Temp to perm ban works until you remove the IP

Posted: 31 Mar 2016, 06:03
by cloudseeder
Thank you. This one has been causing me pain for some months.