CSF.0/24 allows further blocking of IPs within the cluster

Junior Member
Posts: 12
Joined: 25 Feb 2014, 16:26


If CSF has already blocked a C-Class of IPs in the cluster, then it should not send one more IP deny request with -cd, or even accept -d locally. I have a huge problem in that there are doubles: one from 0/24 and then hundreds of IPs belonging to this chain.

Consequently, there are thousands of IPs in the csf.deny file.

I have CSF on CentOS 7.3. The C-Class blocking is activated after four blocks of IPs in that chain occur. That means the fifth one activates blocking. This is working fine too. But CSF accepts the sixth one for blocking and sends it to the cluster.

Of course, CSF may not use -g before sending. But if the configuration is that it should send one deny request to the cluster, then it _MUST_ assume that the fifth deny was sent to the cluster earlier and, thus, not send it.
Junior Member
Posts: 8
Joined: 06 Nov 2018, 10:30

Try activating LF_IPSET - this may solve the issue, as ipset is CIDR aware.
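
A way to measure the duplication described in the first post, as an added example that is not from either poster or from CSF itself: it lists csf.deny entries that are already covered by a wider CIDR entry or repeated verbatim. The sample lines are constructed, and only plain `address # comment` entries are read; advanced `|` rules and Include lines are skipped as an assumption of this sketch.

```python
import ipaddress

# Constructed sample in csf.deny style ("address # comment"); not real data.
SAMPLE_DENY = """\
# constructed sample
198.51.100.0/24 # lfd: sample netblock entry
198.51.100.7 # lfd: sample entry
198.51.100.201 # lfd: sample entry
203.0.113.9 # lfd: sample entry
203.0.113.9 # lfd: repeated sample entry
2001:db8::5 # lfd: sample entry
tcp|in|d=22|s=198.51.100.50 # advanced rule, left alone
"""


def parse_entries(text):
    """Return (line_no, entry_text, network) for plain address/CIDR entries."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()
        # Skip blanks, comments, advanced filters and Include directives.
        if not entry or "|" in entry or entry.lower().startswith("include"):
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # not an address; leave it for manual review
        entries.append((line_no, entry, net))
    return entries


def find_redundant(text):
    """Return (line_no, entry, covered_by) for entries that add nothing."""
    entries = parse_entries(text)
    first_seen = {}   # network -> entry text of its first occurrence
    redundant = []
    for line_no, entry, net in entries:
        # A wider entry of the same IP version that contains this one.
        cover = next((o_entry for _, o_entry, o_net in entries
                      if o_net.version == net.version
                      and o_net.prefixlen < net.prefixlen
                      and net.subnet_of(o_net)), None)
        if cover is None and net in first_seen:
            cover = first_seen[net]   # exact repeat of an earlier line
        if cover is not None:
            redundant.append((line_no, entry, cover))
        first_seen.setdefault(net, entry)
    return redundant
```

Pass the text of a copy of the deny file to `find_redundant` to get the line numbers that a /24 or an earlier identical entry already covers.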