It will be fantastic if you can include this patch in future versions of your code. The patch has been generated against csf v9.24. The patch activates the dormant code in lfd.
We needed the reason why an IP address was blocked. The reason is already recorded in the lfd.log on the host that blocks the IP address. In CLUSTER mode, the reason is not passed on, hence the patch.
As far as I can see the patch also does not break the current CLUSTER implementation.
Thank you for a wonderfully useful tool.
--
Regards,
-Carl
Code: Select all
--- lfd.orig 2016-09-26 22:03:28.000000000 +0200
+++ lfd.pl 2016-10-12 13:14:19.043091002 +0200
@@ -7349,7 +7349,7 @@
$message = "(NETBLOCK) $ipblock has had more than $config{LF_NETBLOCK_COUNT} blocks in the last $config{LF_NETBLOCK_INTERVAL} secs";
&syscommand(__LINE__,"/usr/sbin/csf","-d",$ipblock,"lfd: $message");
logfile("$message - *Blocked in csf* [$active]");
- if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,"",$ipblock,"","inout","0")}
+ if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,$message,$ipblock,"","inout","0")}
if ($config{BLOCK_REPORT}) {&block_report($ipblock,"*","1","inout","0",$message,"","LF_NETBLOCK_COUNT")}
if ($config{ST_ENABLE}) {&stats_report($ipblock,"*","1","inout","0",$message,"","LF_NETBLOCK_COUNT")}
$blocked = 1;
@@ -7389,7 +7389,7 @@
&syscommand(__LINE__,"/usr/sbin/csf","-tr",$ip);
&syscommand(__LINE__,"/usr/sbin/csf","-d",$ip,"lfd: $message");
logfile("$message - *Blocked in csf* [$active]");
- if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,"",$ip,"","inout","0")}
+ if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,$message,$ip,"","inout","0")}
if ($config{BLOCK_REPORT}) {&block_report($ip,"*","1","inout","0",$message,"","LF_PERMBLOCK_COUNT")}
if ($config{ST_ENABLE}) {&stats_report($ip,"*","1","inout","0",$message,"","LF_PERMBLOCK_COUNT")}
$blocked = 1;
@@ -7461,7 +7461,7 @@
}
}
if ($blocked) {
- if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,"",$ip,$port,$inout,"0")}
+ if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,$message,$ip,$port,$inout,"0")}
if ($config{BLOCK_REPORT}) {&block_report(@report)}
if ($config{ST_ENABLE}) {&stats_report(@report)}
}
@@ -7526,7 +7526,7 @@
close (TEMPBAN);
if ($message) {logfile("$message - *Blocked in csf* for $timeout secs [$active]")}
- if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient($perm,"",$ip,$port,$inout,$timeout)}
+ if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient($perm,$message,$ip,$port,$inout,$timeout)}
if ($config{BLOCK_REPORT}) {&block_report(@report)}
if ($config{ST_ENABLE}) {&stats_report(@report)}
}
@@ -9159,7 +9159,7 @@
$0 = "lfd - Cluster client";
my $cipher = Crypt::CBC->new( -key => $config{CLUSTER_KEY}, -cipher => 'Blowfish_PP');
- my $text = "D $ip $perm $port $inout $timeout";
+ my $text = "D $ip $perm $port $inout $timeout \"$message\"";
my $encrypted = $cipher->encrypt($text);
foreach my $cip (split(/\,/,$config{CLUSTER_SENDTO})) {
