Search found 11 matches

by ocahui
18 Nov 2020, 03:04
Forum: General Discussion (csf)
Topic: Adding a blocklist to /etc/csf/blocklists fails
Replies: 0
Views: 2292

Adding a blocklist to /etc/csf/blocklists fails

In csf.conf I have LF_IPSET = "1" LF_IPSET_HASHSIZE = "1024" LF_IPSET_MAXELEM = "65536" I have several public blocklists enabled, namely ABDE, BDEALL, SPAMDROP, etc., all of which have been working correctly on csf with ipset for several years. At this point, I don't re...
by ocahui
14 Nov 2020, 22:31
Forum: Suggestions (csf)
Topic: Custom ipset support
Replies: 0
Views: 3264

Custom ipset support

I have private custom ipset-managed blocklists on my system that get wiped out whenever csf is restarted,because, of course, csf is unaware of them. This poses a management problem. Is there some way to inform csf of the existence of these ipsets? I am only aware of the support in /etc/csf/csf.block...
by ocahui
07 Oct 2019, 23:57
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

Re: regex.custom.pm stopped working

Through the combination of strategic countries, ASN, and netblocks, I've reduced spam, email account attempts, and log size by 96%. I have similar results using CC_DENY plus blocklists SPAMDROP SPAMEDROP BDE BDEALL FULLBOGON (all run by IPset) Only a few ports are open on my server, the SSH port no...
by ocahui
07 Oct 2019, 22:02
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

Re: regex.custom.pm stopped working

What is the syntax of your port declaration? Presently: { return ("SMTP error 3",$1,"exim_main_error3","1","25","14400");} Have also used: { return ("SMTP error 3",$1,"exim_main_error3","1",$3,"14400");} And: ...
by ocahui
07 Oct 2019, 18:51
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

Re: regex.custom.pm stopped working

There are two categories of blocks: temporary and permanent (and permanent permanent). Your config will determine which are used and how. Be sure to read: ...... Temp blocks are stored in /var/lib/csf . Don't mess with these files. Permanent blocks are stored in deny.txt to the limit of DENY_IP_LIM...
by ocahui
04 Oct 2019, 22:44
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

Re: regex.custom.pm stopped working

I tested the changed regex file by catenating a line to the watched log. Sure enough, an entry was logged in lfd.log of the form: (myftpmatch) expected info [LF_CUSTOMTRIGGER] As a result, I am pretty sure it is now working. However, I have some more question related to this topic. Question 1: When ...
by ocahui
03 Oct 2019, 20:06
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

Re: regex.custom.pm stopped working

Suggestions: Verify that the log format or log message your rules are searching for have not changed. You nailed it! The lines I am searching begin with date/time. The logging application apparently added ms to the time. From: 2018-02-18 04:01:33 To: 2019-09-30 04:13:56.188 Just added " \.\d{3...
by ocahui
03 Oct 2019, 19:44
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

Re: regex.custom.pm stopped working

Never mind. I see I need to use -P. option There does appear to be some issue with the main pattern that was working previously.
by ocahui
03 Oct 2019, 19:23
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

Re: regex.custom.pm stopped working

Could you post a (very brief) example of a grep command to test my regex expression against one of my files? Or a pointer to somewhere that does? I have only used grep for trivial searching whole folders for brief phrases, etc. My regex uses PCRE syntax with various shortcuts, and tests whole line /...
by ocahui
02 Oct 2019, 22:43
Forum: General Discussion (csf)
Topic: regex.custom.pm stopped working
Replies: 12
Views: 7632

regex.custom.pm stopped working

I started using regex.custom.pm several years ago, with great success. However, for reasons unknown, it stopped working over a year ago. The regex.custom.pm didn't change. There have been changes to csf.conf, including automatic update changes. However, I have a copy of the conf file saved some mont...