This bug is back in version 8.16. The current problem is that if you have a DENY_IP_LIMIT set, when an IP address is pushed out of the list it is not being removed from /var/csf/csf/tempip. Since the record has the PERM flag set, the bad IP address will never be banned again. Here's the code from CSF that removed the IP address from /etc/csf/csf.deny:
That code and DENY_IP_LIMIT are related to permanent bans in /etc/csf/csf.deny and have nothing to do with temporary bans in /var/csf/csf.tempip, which are controlled by DENY_TEMP_IP_LIMIT, so I don't see what issue you are referring to.
You need to explain in much more detail exactly what problem you are seeing and the steps to recreate it.
Sorry. In my head it's perfectly clear :-) But, I've been looking at the code paths for hours. Here's what happens.
1. The IP address is moved from temp ban to perm ban status via some rule.
2. The IP address is removed from the temp ban list (csf -tr) but not from /var/lib/csf/csf.tempip.
3. LFD issues a csf -d to block the address but finds the perm ban list (limited to 200) is full.
4. It pushes out the oldest entries and correctly blocks the new IP address but never does what a csf -dr does (a dokill) which removes the entry from csf.tempip.
The IP addresses which were pushed out of csf.deny have the perm flag set (in csf.tempip) so they are forever whitelisted as they are never correctly removed from csf.tempban and never blocked again.