Search found 5 matches

by user4473
08 Mar 2013, 14:33
Forum: Suggestions (csf)
Topic: LFD Stalling During DNS Lookups
Replies: 1
Views: 2872

LFD Stalling During DNS Lookups

Hello, I'm using generic CSF 6.0 on Gentoo. I have a couple custom regexes that scans apache access_log and modsec_audit log. The regexes work correctly. When these rules match there is a flood of errors from a single ip, 10's of accesses per second. Looking at strace, LFD seems to be trying to reso...
by user4473
07 Mar 2013, 23:52
Forum: General Discussion (csf)
Topic: DNS DoS attacks
Replies: 7
Views: 11254

Re: DNS DoS attacks

You need kernel config NETFILTER_XT_MATCH_RECENT and NETFILTER_XT_MATCH_STRING

"recent" match support
"string" match support
by user4473
07 Mar 2013, 14:48
Forum: General Discussion (csf)
Topic: DNS DoS attacks
Replies: 7
Views: 11254

Re: DNS DoS attacks

This is a DNS Reflective Amplification Attack. This rule limits ANY queries to 10 in 600 seconds. iptables -I INPUT -p udp --dport 53 -m string --from 47 --algo bm --hex-string '|0000FF0001|' -m recent --set --name dnsanyquery iptables -I INPUT -p udp --dport 53 -m string --from 47 --algo bm --hex-s...
by user4473
13 Feb 2013, 09:35
Forum: Suggestions (csf)
Topic: Suggestion: Run a custom script after ban and unban
Replies: 3
Views: 5336

Suggestion: Run a custom script after ban and unban

Hello, I'm using CSF generic on Gentoo. I have a feature suggestion: Run a script whenever an IP is banned or unbanned. It would run on any kind of ban/unban: auto or manual and perm or temp. It would pass similar arguments as BLOCK_REPORT to the custom script. Currently I am using BLOCK_REPORT to r...
by user4473
20 Aug 2012, 21:03
Forum: Suggestions (csf)
Topic: Patch for Tunneled IPv6
Replies: 1
Views: 3787

Patch for Tunneled IPv6

Hi, I use CSF Firewall on multiple generic boxes/networks (without cPanel) and I think it's great! It saves so much time and hassle. I even use it on the router for my home LAN. Many thanks to the Dev's. Unfortunately some of the networks I'm on do not yet have native IPv6, so instead I use a tunnel...