General

Changes:

• Fixed issue with temporary allow/deny when issued through the UI

Changes:

• Reverted PACKET_FILTER rule changes
• OPEN added as an option to PS_PORTS so that TCP_IN and UDP_IN ports will be ignored by Port Scan Tracking by default, but can be added if desired

Changes:

• DROP_PF_LOGGING disabled by default on new installs as enabling by default will just cause confusion

Changes:

• Removed debugging code from Port Scan Tracking

Changes:

• Set scripts (.pl,.cgi,.php,.sh,.py) in /etc/csf/ to chmod 700
• Simplified PACKET_FILTER rules for dropping INVALID connection tracking states. This feature now only applies a single rule for incoming INVALID packets
• DROP_PF_LOGGING enabled by default on new installs
• INVALID added as an option to PS_PORTS so that PACKET_FILTER logs will be ignored by Port Scan Tracking by default, but can be added if desired
• Modified ST_ENABLE locking
• Regex updates to cater for Plesk 12 – thanks to Marcel Evenson
• Fixed issue with temporary allow/deny comment not being parsed correctly when port * specified

Changes:

• Modified lfd to silently drop ST_ENABLE lock queue entries unless DEBUG is enabled
• Modified ST_ENABLE logging to append to data file and only truncate when needed

Changes:

• Added locking to ST_ENABLE and ST_SYSTEM to prevent child process queues

Changes:

• Fix SMTPAUTH_RESTRICT where IPv6 addresses need to be quoted for exim