New csf v7.56

Changes:

  • Fixed issue with Restricted UI item sanity checks failing
  • Modified LF_CSF on cPanel servers to detect a change in the cPanel version and then trigger a restart of ConfigServer scripts (lfd, MailScanner cxs Watch). Restart triggers are limited to every 12 hours and will only trigger if upcp is not running

cPanel v11.46 and csf/lfd

With the release of cPanel v11.46, changes in the cPanel provided Perl environment may cause errors in lfd with URL retrieval. To resolve the problem all that should be required is a restart of lfd. This can be done either from within the WHM csf UI or from the root shell with:

/etc/init.d/lfd restart

Check /var/log/lfd.log afterwards. This should only occur on time after the initial upgrade into cPanel v11.46.

To pre-empt the issue, you could add the above command to /scripts/postupcp

cPanel v11.46 and MailScanner

With the release of cPanel v11.46, changes in the cPanel provided Perl environment may cause problems with email delivery immediately following the upgrade. To resolve the problem all that should be required is a restart of MailScanner. This can be done either from within the WHM MailScanner UI or from the root shell with:

/etc/init.d/MailScanner restart

Check /var/log/maillog to ensure emails are processing afterwards. This should only occur on time after the initial upgrade into cPanel v11.46.

To pre-empt the issue, you could add the above command to /scripts/postupcp

New csf v7.55

Changes:

  • If LF_SELECT is enabled the port(s) listed in PORTS_* can now be specifed as port;protocol,port;protocol, e.g. “53;udp,53;tcp” to allow for protocol specific port blocks. This port format can also now be used in regex.custom.pm  and csf –td/–ta to allow udp port blocks
  • PORTS_bind now defaults to “53;udp,53;tcp” on new installations
  • PORTS_directadmin added for DA installs to allow for per port blocks if LF_SELECT is enabled
  • Ports 993 and 995 now added to TCP_OUT and TCP6_OUT on new installs
  • LF_IPSET taken out of BETA as it is proving stable
  • Modified Server Check to skip checking xinetd on Plesk servers
  • Modified UI_SSL_VERSION for new installations to use the new IO::Socket::SSL default SSL_version setting of SSLv23:!SSLv3:!SSLv2 so that SSLv3 is disabled
  • If systemd is running the installer disables firewalld using systemctl

New csf v7.54

Changes:

  • Added IPv4/IPv6 column to show whether the port in the csf –ports option is listed in *_IN (e.g. TCP_IN)
  • Added IPv4/IPv6 column to show the number of ESTABLISHED connections to the port in the csf –ports
  • Modified Server Check text from “SMTP Tweak” to “SMTP Restrictions” for cPanel/WHM UI
  • Added the following to LF_IPSET for IPv4 IPs and CIDRs: /etc/csf/csf.allow, /etc/csf/csf.deny, GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER. IPv6 IPs, Advanced Allow Filters and temporary blocks use traditional iptables
  • Modified ipset information in csf.conf including that only ipset v6+ is supported
  • Modified ConfigServer::Slurp to carp instead of croak
  • Improvements to Server Check nameserver checking to include IPv6 servers and better determine how many are local nameservers
  • Modified csf –graphs to append a trailing slash if missing to directory name