CSF firewall commonly known as Configserver Security and Firewall has become one of the popular firewall not just because of its easy of use it also provides a cpanel interface and can be easily installed and tuned by any users.
Yesterday, we upgraded CSF to latest version which is 5.11 to offer more protection to our client.
Here are some major changes in the new version:
Added a new 7th argument to BLOCK_REPORT that includes the log lines that triggered the block (excludes LF_NETBLOCK and LF_PERMBLOCK)
Added new CLI option csf –tempallow (csf -ta) which works in exactly the same way as csf –tempdeny (csf -td) except it provides a method of temporary IP allows for a given duration. csf -t, csf -tf and csf -tr now apply to both deny and allow entries
Allow the use of a duration suffix in csf -ta and csf -td for m, h and d (minutes, hours and days). Only one suffix allowed and only integers
Updated UI entry for adding and removing temporary allows and blocks
Display temporary block TTL in days hours minutes and seconds
Added new CLI option csf –watch [ip] (csf -w [ip]) and configuration option WATCH_MODE. This new option logs SYN packets from a specified source as they traverse the iptables chains. This can be extremely useful in tracking where that IP is being DROPed or ACCEPTed by iptables. See readme.txt for more information
Modified csf and lfd init scripts to be LSB-compliant
Modified BOGON/DSHIELD/SPAMHAUS block list retrieval to only download the list if it has not already been retrieved within the configured interval. This is to help prevent blacklisting by the list provider for repeated downloads after frequent lfd restarts
Fixed problem with csf -q and csf -sf not restarting the firewall if there was a previous startup error.