CSF deleting custom rules in csf.deny

mtbwacko
Junior Member
Posts: 21
Joined: 01 Apr 2008, 21:37

Post by mtbwacko »

This is starting to drive me nuts. I have several lines of custom IPs in csf.deny. They are placed above the section that CSF records entries to. Every few days they all completely disappear, but the entries that were placed there by CSF are untouched. An example is below - all IPs above the line that begins with "Begin Firewall Blocks" will be removed, though oddly enough, the commented out headings remain - only the IPs get removed. Is anyone else having this issue??

# Begin fti.net from Amsterdam
193.252.149.15
193.252.149.16
81.52.143.15
81.52.143.16
#
# Begin Performance Systems International Inc
38.0.0.0/8
#
# Begin internetserviceteam.com
89.149.241.98
217.20.127.121
#
# Begin spider5.picsearch.com (Europe)
217.212.224.145
217.212.224.169
#
# Begin Firewall Blocks
64.41.168.254 # lfd: 10 (cpanel) login failures from 64.41.168.254 - Thu Jan 3 09:28:43 2008
64.14.3.216 # lfd: 10 (whm,webmail,ftpd,sshd,cpanel) login failures from 64.14.3.216 - Fri Jan 4 00:19:27 2008
Sarah
Moderator
Posts: 921
Joined: 09 Dec 2006, 22:49

Post by Sarah »

Check your setting for DENY_IP_LIMIT. CSF will delete IP addresses from the top of the list if the number of entries exceeds this limit.
mtbwacko
Junior Member
Posts: 21
Joined: 01 Apr 2008, 21:37

Post by mtbwacko »

Sarah, that was it! Thank you so much. I'm happy it was such an easy fix. Best regards.
wolf
Junior Member
Posts: 51
Joined: 13 Jul 2007, 14:19

Post by wolf »

Please note this will only work until the csf deny limit is reached. To ensure your rules never get deleted, I recommend using the global_deny file configuration for permanent rules, as it is never changed by csf :)
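
The following is an added example, not part of the thread and not code from csf: a small shell check that compares the number of active entries in csf.deny with DENY_IP_LIMIT, so an administrator is warned before entries at the top of the file start to be removed. The function names are hypothetical, the setting is assumed to appear in csf.conf as DENY_IP_LIMIT = "N", and the sample data is constructed.

```shell
#!/bin/sh
# Added example: report how close csf.deny is to DENY_IP_LIMIT.

# Count active entries: skip blank lines and lines that are only a comment.
count_deny_entries() {
    awk '!/^[ \t]*#/ && !/^[ \t]*$/ { n++ } END { print n + 0 }' "$1"
}

# Read the quoted value of DENY_IP_LIMIT (assumed format: DENY_IP_LIMIT = "N").
read_deny_limit() {
    awk -F'"' '/^[ \t]*DENY_IP_LIMIT[ \t]*=/ { print $2; exit }' "$1"
}

# Usage: check_deny_headroom DENY_FILE CONF_FILE [MARGIN]
# Returns 0 if more than MARGIN slots remain, 1 if not, 2 if the limit is unreadable.
check_deny_headroom() {
    entries=$(count_deny_entries "$1")
    limit=$(read_deny_limit "$2")
    margin=${3:-10}
    case "$limit" in
        ''|*[!0-9]*) echo "DENY_IP_LIMIT not found in $2" >&2; return 2 ;;
    esac
    left=$((limit - entries))
    if [ "$left" -le "$margin" ]; then
        echo "WARNING: $entries of $limit entries used; entries at the top of $1 are at risk of removal"
        return 1
    fi
    echo "OK: $entries of $limit entries used"
}

# Constructed sample (documentation addresses), used when no files are given.
run_constructed_demo() {
    tmp=$(mktemp -d) || return 1
    printf 'DENY_IP_LIMIT = "5"\n' > "$tmp/csf.conf"
    cat > "$tmp/csf.deny" <<'EOF'
# Begin custom blocks
192.0.2.10
198.51.100.0/24
#
# Begin Firewall Blocks
203.0.113.7 # lfd: 10 (sshd) login failures from 203.0.113.7
203.0.113.8 # lfd: 10 (ftpd) login failures from 203.0.113.8
EOF
    check_deny_headroom "$tmp/csf.deny" "$tmp/csf.conf" 2 || true
    rm -rf "$tmp"
}

if [ "$#" -ge 2 ]; then check_deny_headroom "$@"; else run_constructed_demo; fi
```

Run against a live system by passing the two files, for example /etc/csf/csf.deny and /etc/csf/csf.conf (the usual csf locations, assumed here), and schedule it so the warning arrives before the limit is reached.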