CSF.0/24 allows further blocking of IPs within the cluster

2 posts Page 1 of 1
AdminWonder
Junior Member
Posts: 12
Joined: 25 Feb 2014, 16:26


Hello,

If CSF has already blocked an IP C-class in the cluster, then it should not send one more IP deny request with -cd, or even accept -d locally. I have a huge problem in that there are doubles: one from 0/24 and then hundreds of IPs belonging to this chain.

Consequently, there are thousands of IPs in the csf.deny file.

I have CSF on CentOS 7.3. The C-class blocking is activated after four blocks of IPs in that chain occur. That means the fifth one activates 1.1.1.0/24 blocking. This is working fine too. But CSF accepts the sixth one for blocking and sends it to the cluster.

Of course, CSF may not use -g before sending. But if the configuration is that it should send one deny request to the cluster, then it _MUST_ assume that the fifth deny was sent to the cluster earlier and, thus, not send it.
sl0m0
Junior Member
Posts: 7
Joined: 06 Nov 2018, 10:30


Try activating LF_IPSET - this may solve the issue, as ipset is CIDR-aware.
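
To see how many csf.deny entries are already covered by a broader block such as the 0/24 described in this thread, here is an added example (not from either poster and not part of CSF). It assumes each plain entry is an address or CIDR followed by an optional `#` comment; the function names and the sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample in "address # comment" form; not real deny data.
SAMPLE_DENY = """\
# constructed sample
198.51.100.0/24 # constructed: netblock deny
198.51.100.17 # constructed: single IP inside the /24
198.51.100.200 # constructed: single IP received from a cluster peer
203.0.113.9 # constructed: unrelated single IP
192.0.2.0/25 # constructed: manual range deny
192.0.2.130 # constructed: outside the /25 above
tcp|in|d=22|s=192.0.2.5 # constructed: advanced filter, skipped
"""

def parse_entries(text):
    """Yield (line_no, network) for each plain IP or CIDR entry."""
    for line_no, line in enumerate(text.splitlines(), 1):
        token = line.split("#", 1)[0].strip()
        if not token:
            continue  # blank line or comment-only line
        try:
            yield line_no, ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # anything that is not a bare address/CIDR

def find_covered(text):
    """Return (line_no, entry, covering_block) for entries inside a broader block."""
    entries = list(parse_entries(text))
    covered = []
    for line_no, net in entries:
        for _, other in entries:
            # Same IP version and strictly broader prefix, then containment.
            if (other.version == net.version
                    and other.prefixlen < net.prefixlen
                    and net.subnet_of(other)):
                covered.append((line_no, str(net), str(other)))
                break
    return covered

if __name__ == "__main__":
    for line_no, entry, block in find_covered(SAMPLE_DENY):
        print(f"line {line_no}: {entry} is already covered by {block}")
```

The pairwise comparison is quadratic, which is acceptable for a deny file with a few thousand entries; run it against a copy of the file rather than the live one.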