CLUSTER with reason patch

Post Reply
carlswart
Junior Member
Posts: 1
Joined: 13 Oct 2016, 05:31

CLUSTER with reason patch

Post by carlswart »

Hi,

It will be fantastic if you can include this patch in future versions of your code. The patch has been generated against csf v9.24. The patch activates the dormant code in lfd.

We needed the reason why an IP address was blocked. The reason is already recorded in the lfd.log on the host that blocks the IP address. In CLUSTER mode, the reason is not passed on, hence the patch.

As far as I can see the patch also does not break the current CLUSTER implementation.

Thank you for a wonderfully useful tool.

--
Regards,
-Carl

Code: Select all

--- lfd.orig    2016-09-26 22:03:28.000000000 +0200
+++ lfd.pl      2016-10-12 13:14:19.043091002 +0200
@@ -7349,7 +7349,7 @@
                                        $message = "(NETBLOCK) $ipblock has had more than $config{LF_NETBLOCK_COUNT} blocks in the last $config{LF_NETBLOCK_INTERVAL} secs";
                                        &syscommand(__LINE__,"/usr/sbin/csf","-d",$ipblock,"lfd: $message");
                                        logfile("$message - *Blocked in csf* [$active]");
-                                       if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,"",$ipblock,"","inout","0")}
+                                       if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,$message,$ipblock,"","inout","0")}
                                        if ($config{BLOCK_REPORT}) {&block_report($ipblock,"*","1","inout","0",$message,"","LF_NETBLOCK_COUNT")}
                                        if ($config{ST_ENABLE}) {&stats_report($ipblock,"*","1","inout","0",$message,"","LF_NETBLOCK_COUNT")}
                                        $blocked = 1;
@@ -7389,7 +7389,7 @@
                                        &syscommand(__LINE__,"/usr/sbin/csf","-tr",$ip);
                                        &syscommand(__LINE__,"/usr/sbin/csf","-d",$ip,"lfd: $message");
                                        logfile("$message - *Blocked in csf* [$active]");
-                                       if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,"",$ip,"","inout","0")}
+                                       if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,$message,$ip,"","inout","0")}
                                        if ($config{BLOCK_REPORT}) {&block_report($ip,"*","1","inout","0",$message,"","LF_PERMBLOCK_COUNT")}
                                        if ($config{ST_ENABLE}) {&stats_report($ip,"*","1","inout","0",$message,"","LF_PERMBLOCK_COUNT")}
                                        $blocked = 1;
@@ -7461,7 +7461,7 @@
                                }
                        }
                        if ($blocked) {
-                               if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,"",$ip,$port,$inout,"0")}
+                               if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient(1,$message,$ip,$port,$inout,"0")}
                                if ($config{BLOCK_REPORT}) {&block_report(@report)}
                                if ($config{ST_ENABLE}) {&stats_report(@report)}
                        }
@@ -7526,7 +7526,7 @@
                                close (TEMPBAN);

                                if ($message) {logfile("$message - *Blocked in csf* for $timeout secs [$active]")}
-                               if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient($perm,"",$ip,$port,$inout,$timeout)}
+                               if ($config{CLUSTER_BLOCK} and $config{CLUSTER_SENDTO} and !$cluster) {&lfdclient($perm,$message,$ip,$port,$inout,$timeout)}
                                if ($config{BLOCK_REPORT}) {&block_report(@report)}
                                if ($config{ST_ENABLE}) {&stats_report(@report)}
                        }
@@ -9159,7 +9159,7 @@
                $0 = "lfd - Cluster client";

                my $cipher = Crypt::CBC->new( -key => $config{CLUSTER_KEY}, -cipher => 'Blowfish_PP');
-               my $text = "D $ip $perm $port $inout $timeout";
+               my $text = "D $ip $perm $port $inout $timeout \"$message\"";
                my $encrypted = $cipher->encrypt($text);

                foreach my $cip (split(/\,/,$config{CLUSTER_SENDTO})) {
marcele
Junior Member
Posts: 214
Joined: 17 Sep 2007, 17:02

Re: CLUSTER with reason patch

Post by marcele »

Looks good :)
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CLUSTER with reason patch

Post by ForumAdmin »

We will add this to the next release of csf. Thank you for the suggestion and work you've done.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CLUSTER with reason patch

Post by ForumAdmin »

A feature that addresses this has been added to csf v9.29 which we have just released:
http://blog.configserver.com/
Post Reply