csf -ar / csf -dr

[sparek]

Did the new updates break csf -ar and csf -dr functionality? They don't appear to be working for me.

[ForumAdmin]

In what way are they not working for you?

Code: Select all

root@host [~]# csf -d 1.1.1.1
Adding 1.1.1.1 to csf.deny and iptables DROP...
DROP  all opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 1.1.1.1  
REDIRECT  tcp opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  multiport dports 80,2082,2095 redir ports 8888 
REDIRECT  tcp opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  multiport dports 21 redir ports 8889 
root@host [~]# csf -dr 1.1.1.1
Removing rule...
DROP  all opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  
LOGDROPOUT  all opt -- in * out !lo  0.0.0.0/0  -> 1.1.1.1  
REDIRECT  tcp opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  multiport dports 80,2082,2095 redir ports 8888 
REDIRECT  tcp opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  multiport dports 21 redir ports 8889 
root@host [~]# csf -a 1.1.1.1
Adding 1.1.1.1 to csf.allow and iptables ACCEPT...
ACCEPT  all opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 1.1.1.1  
root@host [~]# csf -ar 1.1.1.1
Removing rule...
ACCEPT  all opt -- in !lo out *  1.1.1.1  -> 0.0.0.0/0  
ACCEPT  all opt -- in * out !lo  0.0.0.0/0  -> 1.1.1.1  

[sparek]

Sorry, should have given more information.

When giving port details

Code: Select all

root@host [~]# csf -a 'tcp|in|d=80|s=1.1.1.1'
Adding tcp|in|d=80|s=1.1.1.1 to csf.allow and iptables ACCEPT...
ACCEPT  tcp opt -- in eth1 out *  1.1.1.1  -> 0.0.0.0/0  tcp dpt:80 
root@host [~]# csf -ar 'tcp|in|d=80|s=1.1.1.1'
csf: tcp\|in\|d=80\|s=1.1.1.1 not found in csf.allow

[ForumAdmin]

That is an issue and we will look into it. Thank you for bringing it up.

[ForumAdmin]

This should now be fixed in v9.07:
http://blog.configserver.com/