Page 1 of 1

Include statements in ignore files

Posted: 17 May 2010, 20:46
by sparek
Has any thought been considered into allowing Include statements in the ignore files (csf.ignore, csf.pignore, etc)?

The current Include system seems to only work in the csf.allow and csf.deny files.

Posted: 23 May 2010, 09:51
by chirpy
Hadn't really seen a need since those files are static and not dynamically updated by csf as with csf.allow and csf.deny.

Re: Include statements in ignore files

Posted: 26 Mar 2013, 22:24
by eldergeek
This would be very handy when you have dozens of servers and you want to distribute a standard set of ignored IPs but still want to be able to make local amendments.

Include in csf.ignore and csf.pignore please!!!!

Re: Include statements in ignore files

Posted: 03 Mar 2016, 14:32
by websavers
StatusCake recommends dynamically adding their list of IPs to the firewall... except we can't do that programmatically with CSF because csf.ignore doesn't support Include.

The simplest solution would be to have a simple Include line in csf.ignore, then run a script that obtains the latest list of StatusCake IP addresses every week or so.

Include /etc/csf/csf.statuscake

However without the ability to Include files, I see no way to make this happen.

Would love to have this feature added for this reason alone. Or perhaps CSF could have an "Ignore status monitors" option and a folder that contains files like statuscake and uptimerobot with lists of their IPs within.

-Jordan

Re: Include statements in ignore files

Posted: 03 Mar 2016, 14:59
by ForumAdmin
csf has supported file Include statements in csf.ignore since v5.60

Re: Include statements in ignore files

Posted: 02 Apr 2018, 20:31
by jakdept
CSF does slurp includes from the csf.ignore as a part of CSF. This bit's not reflected in the readme as of v12.01 - lines 275-277 should likely be changed to also mention csf.ignore.

LFD does *not* slurp additional lines from Include files in the same fashion. For consistency, could that be added?

Re: Include statements in ignore files

Posted: 02 Apr 2018, 21:29
by ForumAdmin
We'll update the readme to reflect that csf.ignore can use Includes

lfd does slurp the Includes in the same way as csf.

Re: Include statements in ignore files

Posted: 03 Apr 2018, 03:21
by jakdept
Forgive me, I left out what I meant to say before - it'd be nice to parse includes on /etc/csf/csf.pignore - which I think would only apply to lfd, but in looking I totally see I made no mention of that.

And I may have been incorrect, it may totally do it right now.

But on the second point - around line 884 of lfd, I'm not seeing lfd loading that. And stracing lfd as it loads up, I don't see it touching a file from an include line.

I see how it's done in csf, and it's there for csf for the other include files. It'd be nice to have that for lfd also though - we run an RPM for firewall whitelists internally, plus it'd be nice to do something similar for common control panels anyway.

Re: Include statements in ignore files

Posted: 04 Apr 2018, 17:37
by ForumAdmin
We're going to increase the number of files that support Includes from 3 to 23 in the next release.