Search found 15 matches

by terryr
23 Apr 2018, 16:50
Forum: Report Bugs (csf)
Topic: 'Include' in csf.dyndns not working properly
Replies: 1
Views: 4515

'Include' in csf.dyndns not working properly

I received these errors in /var/log/lfd.log when trying to use an Include in csf.dyndns Apr 23 16:03:41 mail1 lfd[10847]: DynDNS: Lookup for [Include] failed Apr 23 16:13:33 mail1 lfd[11373]: DynDNS: Lookup for [Include] failed Apr 23 16:23:34 mail1 lfd[11749]: DynDNS: Lookup for [Include] failed Ap...
by terryr
23 Apr 2018, 16:27
Forum: Report Bugs (csf)
Topic: "Include" in csf.redirect causing error
Replies: 1
Views: 4109

"Include" in csf.redirect causing error

I attempted to use an include in csf.redirect and received this error on executing csf -ra. Error: csf: Incorrect csf.redirect setting ([]): [Include /etc/csf/csf.redirect.local], at line 3172 I removed the Include line and started csf with no issue. Point of clarification: The readme.txt specifical...
by terryr
03 Apr 2018, 16:08
Forum: Suggestions (csf)
Topic: GREENSNOW blocklist address change
Replies: 1
Views: 3427

GREENSNOW blocklist address change

Hello, The address for the blocklist has changed to SSL only - https://blocklist.greensnow.co/greensnow.txt. Accessing it using http: results in an error page. WIth http: address: Apr 3 15:35:45 mail1 lfd[21292]: Unable to retrieve blocklist GREENSNOW - Unable to download: No Host option provided Ap...
by terryr
21 Dec 2017, 03:27
Forum: Suggestions (csf)
Topic: Conntrack doesn't work by default on kernels 4.7+
Replies: 3
Views: 9197

Re: Conntrack doesn't work by default on kernels 4.7+

Thanks for the post. A great explanation. You may also see in your logs this message: Dec 14 03:40:15 mail kernel: nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. Al...
by terryr
12 Jun 2015, 18:39
Forum: General Discussion (csf)
Topic: Deciding which blocklists to use
Replies: 4
Views: 5287

Re: Deciding which blocklists to use

Yes, I'm still around. I still use this methodology so my blocklists are the same. I haven't conducted any additional analyses in a few months but I suspect that it continues to hold true as my numbers were roughly the same with subsequent analyses. The main point for me is that CIDR covers so many ...
by terryr
11 Apr 2014, 04:22
Forum: General Discussion (csf)
Topic: Deciding which blocklists to use
Replies: 4
Views: 5287

Deciding which blocklists to use

I have a small VPS that I run and am always looking at things I can do to make my system more secure as well as increase performance with my limited resources, two things that sometimes conflict. After a discussion the other day with a friend about blocklists, number of iptables rules and performanc...
by terryr
05 Apr 2014, 18:42
Forum: General Discussion (csf)
Topic: csf.blocklists - Invalid URL for Russian Business Networks
Replies: 3
Views: 5650

Re: csf.blocklists - Invalid URL for Russian Business Networ

Okay. Thanks.

I understand that each URL is scanned for an IPv4/CIDR address per line. Are duplicate ips removed? For example, if I want to add Shadowserver C&C will the duplicate DShield entries in that list be removed?
by terryr
05 Apr 2014, 17:41
Forum: General Discussion (csf)
Topic: csf.blocklists - Invalid URL for Russian Business Networks
Replies: 3
Views: 5650

csf.blocklists - Invalid URL for Russian Business Networks

Hello, The URL in csf.blocklists is invalid: #RBN|86400|0|http://rules.emergingthreats.net/blockrules/rbn-ips.txt I went through the EmergingThreats website and found these links which may be of interest: Detail: http://doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork - lists a number of...
by terryr
30 Jul 2012, 18:41
Forum: Suggestions (csf)
Topic: Suggested change to Exim SMTP AUTH regex
Replies: 7
Views: 8748

Re: Suggested change to Exim SMTP AUTH regex

Have you resolved this? I tested your log lines against the regex in regex.pm and they matched.

Terry