csf -d does not check the csf.ignore

soulshepard
Junior Member
Posts: 11
Joined: 24 Jan 2012, 08:55

csf -d does not check the csf.ignore

Post by soulshepard »

We use csf+lfd and the DirectAdmin Bruteforce detector. When the DA bruteforce detector "detects", it runs this command:

csf -d $ip Added by DA BruteForce monitor

We noticed that with this method the csf.pl does not check the csf.ignore but only the csf.allow. As the bruteforce detector is a bit like lfd, I would assume in this case it should also check the csf.allow and the csf.ignore to prevent unwanted blocking of IPs.

As I can imagine, I don't want to specify an allow for ports or all ports, but I do want the "default allowed ports" from the csf.config and have the IP in the csf.ignore.

Thanks
dynamicnet
Junior Member
Posts: 48
Joined: 31 May 2012, 18:29
Location: Lancaster County PA US

Re: csf -d does not check the csf.ignore

Post by dynamicnet »

Good day:

My understanding of csf.ignore is that only LFD interacts with it; and it is more or less a form of a white list. It does not open any ports that are not otherwise unopen for those IPs... it just doesn't ban them if LFD detects something that would be bannable.

This means direct commands like "csf -d" are going to ignore csf.ignore.

Therefore, your best bet, if csf.ignore matters, is to write a wrapper whereby you would check csf.ignore prior to issuing a csf -d.

Thank you.
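
A sketch of the kind of wrapper suggested above, added here as an example (it is not code from this thread, from csf, or from DirectAdmin). It assumes csf.ignore lives at /etc/csf/csf.ignore, that `csf` is on the PATH, and that `Include` lines are skipped rather than followed; the function names are hypothetical.

```python
#!/usr/bin/env python3
"""Deny an IP with `csf -d` only if it is not covered by csf.ignore."""
import ipaddress
import subprocess
import sys

IGNORE_FILE = "/etc/csf/csf.ignore"  # assumed default csf location


def parse_ignore(lines):
    """Return the networks listed in csf.ignore-style lines."""
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry or entry.lower().startswith("include"):
            continue  # blank line, or an Include directive (not followed here)
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # not a plain IP/CIDR entry; skip it
    return nets


def is_ignored(ip, nets):
    """True if ip is inside any ignored network; ValueError on a malformed ip."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets)


def deny(ip, comment, ignore_lines, run=subprocess.run):
    """Run `csf -d` unless the IP is ignored. Returns True if a deny was issued."""
    if is_ignored(ip, parse_ignore(ignore_lines)):
        return False
    # Argument list, no shell: the validated IP and the free-text comment
    # cannot be interpreted as shell syntax or as extra csf options.
    run(["csf", "-d", str(ipaddress.ip_address(ip)), comment], check=True)
    return True


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: csf-deny-checked IP [comment]")
    with open(IGNORE_FILE) as fh:
        ignore_lines = fh.readlines()
    comment = " ".join(sys.argv[2:]) or "Added by wrapper"
    issued = deny(sys.argv[1], comment, ignore_lines)
    print("denied" if issued else "skipped: listed in csf.ignore")
```

A malformed address raises `ValueError` before anything is passed to csf, so the calling script should treat a non-zero exit as "no block was added".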
chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: csf -d does not check the csf.ignore

Post by chirpy »

Yup, csf.ignore is for lfd to use to avoid blocking listed IP addresses. We will consider adding a check in csf for csf.ignore, though, for this type of scenario, either within -d or as a new option.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: csf -d does not check the csf.ignore

Post by ForumAdmin »

Support for this was added to v5.60:
http://blog.configserver.com/index.php?itemid=667
soulshepard
Junior Member
Posts: 11
Joined: 24 Jan 2012, 08:55

Re: csf -d does not check the csf.ignore

Post by soulshepard »

thanks