General

New csf v4.20

Changes:

  • Modified csf.tempban processing code in lfd to perform more stringent file locking to preserve temporary bans if lfd is writing during shutdown
  • Modified Port Scan tracking of IP addresses to not attempt multiple blocks on the same IP address in the same log line processing batch
  • Fixed broken timestamp in lfd.log for dates before the 10th of the month
  • Various code modifications to improve performance and stability

New csf v4.19

Anyone running v4.18 of csf should upgrade ASAP to v4.19 as the deadlock situation could lead to lfd hanging.

Changes:

  • Reverted the tied file changes as they were causing a deadlock situation locking csf.tempban
  • Improved the process tracking detection of deleted executables of running processes

New csf v4.18

Changes:

  • Modified temporary IP address storage to use a tied file to preserve temporary bans if lfd is writing during shutdown

New csf v4.17

Changes:

  • Replaced the use of backticks in csf, lfd and the WHM UI with calls to IPC::Open3
  • Various lfd and csf code improvements and tidy up
  • Ensure lfd parent dies cleanly on error
  • Debug information improved and timer modified to use Time::HiRes for more accuracy

csf on Ubuntu and Mandriva

We have confirmed that generic csf works on:

  • Ubuntu v8.10
  • Mandriva 2009

Adding these two to the supported OS list.

New csf v4.16

Changes:

  • Removed port 953 from the TCP and UDP allow lists for new csf installations, as whitelisting it is unnecessary: bind listens on the localhost device for such control connections by default
  • Added exe:/usr/sbin/nsd, exe:/usr/libexec/dovecot/pop3-login, exe:/usr/libexec/dovecot/imap-login to csf.pignore on new and old cPanel installations to cater for cPanel support for both nsd and dovecot (currently in EDGE)
  • Only use Cpanel::Rlimit if it’s available in WHM UI

New csf v4.15

Changes:

  • Fixed a problem in v4.* where use of GALLOW and ALLOWDYN was allowing connections from blocked IP addresses in csf.deny or temporary blocks. The GALLOW, GDENY and ALLOWDYN chains have been split into GALLOWIN, GALLOWOUT, GDENYIN, GDENYOUT, ALLOWDYNIN and ALLOWDYNOUT to correct this. Many thanks to Brian for his help in tracking this issue down.

New csf v4.14

Changes:

  • Implemented the use of the cPanel routine Cpanel::Rlimit to remove process resource limit restrictions, as the cPanel memory limitation setting was causing the Server Check to abort with memory allocation problems through WHM on some servers
  • Modified port checking for 23 and 53 in Server Check to no longer use the fuser binary and use the port mappings directly from /proc
  • Modified lfd and Server Check to check for IPv6 bound processes, as the IPv4 and IPv6 connections are stored in a different file to IPv4-only bound processes
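
The /proc-based port check described in the v4.14 notes above, sketched as an added example (this is not csf's own code, which is Perl). It parses tables in the /proc/net/tcp and /proc/net/tcp6 layout and reports listeners on ports 23 and 53; the sample tables are constructed, the function names are hypothetical, and address decoding assumes a little-endian host.

```python
import socket

LISTEN = "0A"  # state code for a listening TCP socket in /proc/net/tcp*

# Constructed sample tables in the /proc/net/tcp and /proc/net/tcp6 layout
# (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000    25        0 11111 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1
   2: 0A00000A:0016 0A000014:C350 01 00000000:00000000 00:00000000 00000000     0        0 33333 1
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:0017 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 44444 1
"""

def decode_addr(hex_addr):
    """Decode a hex address field (assumes a little-endian host such as x86)."""
    raw = bytes.fromhex(hex_addr)
    # The kernel prints each 32-bit word in host byte order, so flip each word.
    words = b"".join(raw[i:i + 4][::-1] for i in range(0, len(raw), 4))
    family = socket.AF_INET if len(words) == 4 else socket.AF_INET6
    return socket.inet_ntop(family, words)

def listeners(table_text):
    """Return (address, port, inode) for every socket in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        hex_addr, hex_port = fields[1].split(":")
        found.append((decode_addr(hex_addr), int(hex_port, 16), int(fields[9])))
    return found

def check_ports(tables, ports=(23, 53)):
    """Collect listeners on the watched ports across all supplied tables."""
    hits = []
    for text in tables:
        hits += [entry for entry in listeners(text) if entry[1] in ports]
    return hits

if __name__ == "__main__":
    for addr, port, inode in check_ports([SAMPLE_TCP, SAMPLE_TCP6]):
        print(f"port {port} listening on {addr} (socket inode {inode})")
```

Checking only the IPv4 table misses the port 23 listener in the sample, because a socket bound to an IPv6 address appears only in the tcp6 table.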

New csf v4.13

Changes:

  • Updated various comments in csf.conf
  • Fixed call to csfpost.sh from csf