Include statements in ignore files

9 posts Page 1 of 1
sparek
Junior Member
Posts: 33
Joined: 11 Feb 2008, 17:55


Has any thought been considered into allowing Include statements in the ignore files (csf.ignore, csf.pignore, etc)?

The current Include system seems to only work in the csf.allow and csf.deny files.

 

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13


Hadn't really seen a need since those files are static and not dynamically updated by csf as with csf.allow and csf.deny.
eldergeek
Junior Member
Posts: 26
Joined: 18 Mar 2010, 07:25


This would be very handy when you have dozens of servers and you want to distribute a standard set of ignored IPs but still want to be able to make local amendments.

Include in csf.ignore and csf.pignore please!!!!
websavers
Junior Member
Posts: 15
Joined: 04 Sep 2013, 13:46


StatusCake recommends dynamically adding their list of IPs to the firewall... except we can't do that programmatically with CSF because csf.ignore doesn't support Include.

The simplest solution would be to have a simple Include line in csf.ignore, then run a script that obtains the latest list of StatusCake IP addresses every week or so.

Include /etc/csf/csf.statuscake

However without the ability to Include files, I see no way to make this happen.

Would love to have this feature added for this reason alone. Or perhaps CSF could have an "Ignore status monitors" option and a folder that contains files like statuscake and uptimerobot with lists of their IPs within.

-Jordan
ForumAdmin
Moderator
Posts: 1382
Joined: 01 Oct 2008, 09:24


csf has supported file Include statements in csf.ignore since v5.60
jakdept
Junior Member
Posts: 3
Joined: 15 Aug 2017, 00:59


CSF does slurp includes from the csf.ignore as a part of CSF. This bit's not reflected in the readme as of v12.01 - lines 275-277 should likely be changed to also mention csf.ignore.

LFD does *not* slurp additional lines from Include files in the same fashion. For consistency, could that be added?
ForumAdmin
Moderator
Posts: 1382
Joined: 01 Oct 2008, 09:24


We'll update the readme to reflect that csf.ignore can use Includes

lfd does slurp the Includes in the same way as csf.
jakdept
Junior Member
Posts: 3
Joined: 15 Aug 2017, 00:59


Forgive me, I left out what I meant to say before - it'd be nice to parse includes on /etc/csf/csf.pignore - which I think would only apply to lfd, but in looking I totally see I made no mention of that.

And I may have been incorrect, it may totally do it right now.

But on the second point - around line 884 of lfd, I'm not seeing lfd loading that. And stracing lfd as it loads up, I don't see it touching a file from an include line.

I see how it's done in csf, and it's there for csf for the other include files. It'd be nice to have that for lfd also though - we run an RPM for firewall whitelists internally, plus it'd be nice to do something similar for common control panels anyway.
ForumAdmin
Moderator
Posts: 1382
Joined: 01 Oct 2008, 09:24


We're going to increase the number of files that support Includes from 3 to 23 in the next release.
9 posts Page 1 of 1