ConfigServer Services Blog

New csf v4.09

Changes:

  • Modification to cPanel version to restart chkservd using /scripts/restartsrv_chkservd instead of the init script as the latter is removed in the latest EDGE release that puts chkservd under the control of tailwatchd (/scripts/restartsrv_chkservd is a stub for restarting tailwatchd in the latest EDGE instead of a direct restart script in older cPanel versions). chkservd is restarted when csf is installed/uninstalled/upgraded/disabled/enabled

New csf v4.08

Changes:

  • Added a new timing system to more accurately trigger lfd tasks. This should alleviate timing issues such as those seen with LT_POP3D and LT_IMAPD and improve the overall effectiveness and performance of lfd
  • Added new method for reaping child processes. If you find that zombie lfd processes start to build up you can revert to the old reaper by enabling new option OLD_REAPER

New csf v4.07

Changes:

  • Messenger service now supports advanced filter permanent port block redirection

New csf v4.06

Our apologies for the slew of updates due to the major changes in v4. Hopefully things will settle down again now ;)Changes:

  • Moved the GALLOW, GDENY, SPAMHAUS, DSHIELD and DYNDNS rules to the LOCALxxPUT chains so that the entries can be correctly listed with ACCEPT’s at the top and DENY’s at the bottom of the chain
  • Repositioned the cPanel Bandmin acctboth rule entry in the INPUT and OUTPUT chains so that bandwidth accounting is kept accurate
  • Fixed a problem processing advanced port filters in GLOBAL_ALLOW and GLOBAL_DENY

New csf v4.05

Change aimed at addressing DNS resolver issues:

  • Moved resolver ACCEPT rules to the top of the INPUT and OUTPUT chains

New csf v4.04

Changes:

  • Fixed problem with rule placement for ETH_DEVICE_SKIP
  • Ensure all ALLOW requests are inserted before DENY requests after csf has been restarted
  • Ensure that fwlogwatch stats creation uses IPTABLES_LOG file
  • Only perform operations on the nat table if MESSENGER service is enabled
  • lfd Process Tracking will now ignore MESSENGER_USER messenger services
  • Added new option PT_ALL_USERS so that all Linux accounts on a cPanel server are checked in Process Tracking, not just cPanel users. This option is disabled by default on cPanel servers. Enabling this option may require adding exceptions to csf.pignore
  • Additional exceptions added to csf.pignore for cPanel servers for the new PT_ALL_USERS option
  • PT_SKIP_HTTP now disabled by default for new installations
  • Added PT_ALL_USERS and PT_SKIP_HTTP checks to the WHM Server Check

New csf v4.03

Changes:

  • Fixed problem where the new LOCALxxPUT chains were only processing tcp requests
  • Fixed problem with insertion of SMTP_BLOCK rules exceeding the rule count in the OUTPUT chain under certain circumstances

New csf v4.02 (Released from BETA)

Changes for v4:

  • New feature – Messenger Service. This feature allows the display of a message to a blocked connecting IP address to inform the user that they are blocked in the firewall. This can help when users get themselves blocked, e.g. due to multiple login failures. The service is provided by two daemons running on ports providing either an HTML or TEXT message. See csf.conf and readme.txt for more information

Feedback for csf v4 beta

For those that have tried the new messenger service with the csf v4 beta, please feel free to post a comment about your experience, good bad or indifferent here 🙂