General

New csf v4.07

Changes:

  • Messenger service now supports advanced filter permanent port block redirection

New csf v4.06

Our apologies for the slew of updates due to the major changes in v4. Hopefully things will settle down again now ;)

Changes:

  • Moved the GALLOW, GDENY, SPAMHAUS, DSHIELD and DYNDNS rules to the LOCALxxPUT chains so that the entries can be correctly listed with ACCEPTs at the top and DENYs at the bottom of the chain
  • Repositioned the cPanel Bandmin acctboth rule entry in the INPUT and OUTPUT chains so that bandwidth accounting is kept accurate
  • Fixed a problem processing advanced port filters in GLOBAL_ALLOW and GLOBAL_DENY

New csf v4.05

Change aimed at addressing DNS resolver issues:

  • Moved resolver ACCEPT rules to the top of the INPUT and OUTPUT chains

New csf v4.04

Changes:

  • Fixed problem with rule placement for ETH_DEVICE_SKIP
  • Ensure all ALLOW requests are inserted before DENY requests after csf has been restarted
  • Ensure that fwlogwatch stats creation uses IPTABLES_LOG file
  • Only perform operations on the nat table if MESSENGER service is enabled
  • lfd Process Tracking will now ignore MESSENGER_USER messenger services
  • Added new option PT_ALL_USERS so that all Linux accounts on a cPanel server are checked in Process Tracking, not just cPanel users. This option is disabled by default on cPanel servers. Enabling this option may require adding exceptions to csf.pignore
  • Additional exceptions added to csf.pignore for cPanel servers for the new PT_ALL_USERS option
  • PT_SKIP_HTTP now disabled by default for new installations
  • Added PT_ALL_USERS and PT_SKIP_HTTP checks to the WHM Server Check
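The v4.06 and v4.04 entries above both concern the same rule-placement invariant: every ACCEPT in the LOCALxxPUT chains must sit above every DENY, including after a restart re-reads the allow and deny lists. The following is an added example (not csf's own code) that shows the iptables mechanics behind that guarantee: allows are inserted with `-I CHAIN 1` and denies appended with `-A CHAIN`, so the final order is correct whatever order the commands run in. The simplified `ip # comment` list format, the chain name and the sample addresses are constructed for the example; nothing here is executed against a live firewall.

```python
"""Plan LOCALINPUT rules so every ACCEPT lands above every DENY (added example)."""

CHAIN = "LOCALINPUT"  # csf v4 chain holding per-IP allows and blocks (name from the page)


def parse_list(text):
    """Yield IP strings from a csf.allow/csf.deny style list, skipping comments and blanks.

    The `ip # comment` form is a constructed simplification of the real file syntax.
    """
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if entry:
            yield entry


def plan_rules(allow_text, deny_text):
    """Return iptables argv lists for the given allow and deny lists.

    DENYs are deliberately emitted first to show that ordering still comes out
    right: `-I CHAIN 1` always lands above anything that was appended with `-A`.
    """
    cmds = []
    for ip in parse_list(deny_text):
        cmds.append(["iptables", "-A", CHAIN, "-s", ip, "-j", "DROP"])
    for ip in parse_list(allow_text):
        cmds.append(["iptables", "-I", CHAIN, "1", "-s", ip, "-j", "ACCEPT"])
    return cmds


def simulate(cmds):
    """Apply -A/-I commands to an empty chain and return the resulting (ip, target) order."""
    chain = []
    for argv in cmds:
        ip = argv[argv.index("-s") + 1]
        target = argv[argv.index("-j") + 1]
        if argv[1] == "-A":
            chain.append((ip, target))
        elif argv[1] == "-I":
            position = int(argv[3]) - 1  # iptables positions are 1-based
            chain.insert(position, (ip, target))
        else:
            raise ValueError("unsupported operation %r" % argv[1])
    return chain


def allows_precede_denies(chain):
    """The check a practitioner would run: no DROP may appear above any ACCEPT."""
    seen_drop = False
    for _, target in chain:
        if target == "DROP":
            seen_drop = True
        elif target == "ACCEPT" and seen_drop:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample lists (documentation addresses only).
    allow = "10.0.0.5\n192.0.2.9 # office\n"
    deny = "203.0.113.7\n# nothing here\n198.51.100.3\n"
    planned = plan_rules(allow, deny)
    for argv in planned:
        print(" ".join(argv))
    print(simulate(planned), allows_precede_denies(simulate(planned)))
```

Running the script prints the four commands followed by the simulated chain; the two ACCEPT entries end up in positions 1 and 2 even though the DROP commands were issued first.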

New csf v4.03

Changes:

  • Fixed problem where the new LOCALxxPUT chains were only processing tcp requests
  • Fixed problem with insertion of SMTP_BLOCK rules exceeding the rule count in the OUTPUT chain under certain circumstances

New csf v4.02 (Released from BETA)

Changes for v4:

  • New feature – Messenger Service. This feature allows the display of a message to a blocked connecting IP address to inform the user that they are blocked in the firewall. This can help when users get themselves blocked, e.g. due to multiple login failures. The service is provided by two daemons running on ports providing either an HTML or TEXT message. See csf.conf and readme.txt for more information

Feedback for csf v4 beta

For those that have tried the new messenger service with the csf v4 beta, please feel free to post a comment about your experience, good, bad or indifferent here 🙂

New csf v4.01 *BETA*

This update is ONLY to the v4 BETA release of csf.

Changes:

  • Allow the Messenger Service to be used on VPS servers. However, if the ipt_REDIRECT module is missing csf will fail to start correctly and abort
  • HTML Messenger service server now only reads a limited line length instead of unlimited input to prevent overflows

Download available here and requires manual installation: http://www.configserver.com/free/csfv4beta.tgz

New csf v4.00 *BETA*

This is a BETA release of csf v4.00 which introduces a major new feature and a reworking of the iptables chains and rules. While extensive testing has been done, it is eminently possible that this release may contain bugs. Please do not use this release if you’re not prepared to help troubleshoot the new features and are not familiar with the Linux root shell.

For this beta release ONLY, users can log helpdesk tickets ONLY if they find problems with the new features. If this is not adhered to, the tickets will simply be closed.

Changes:

  • New feature – Messenger Service. This feature allows the display of a message to a blocked connecting IP address to inform the user that they are blocked in the firewall. This can help when users get themselves blocked, e.g. due to multiple login failures. The service is provided by two daemons running on ports providing either an HTML or TEXT message. See csf.conf and readme.txt for more information (not available on VPS platforms and others missing the ipt_REDIRECT kernel module)
  • Moved INPUT and OUTPUT chain rules for blocks and allows to their own respective chains LOCALINPUT and LOCALOUTPUT. This means that no IP blocks will be listed in the INPUT or OUTPUT chains, but in the new ones
  • Re-organised all of the INPUT and OUTPUT chain rules to give precedence to the LOCALINPUT rules before invoking other chains and port ALLOW rules
  • Moved the SYNFLOOD protection chain rule to be the first chain rule after the LOCALINPUT chain rule
  • Moved the lo device rules to always be at the top of the INPUT and OUTPUT chains
  • Modified the syslog regex matches to only match on local entries to cope with centralised syslog configurations
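The last change in the list, matching only local syslog entries, matters because a centralised syslog file interleaves lines from many hosts, and a login-failure counter that ignores the hostname field would block addresses for attacks on other machines. The following is an added example, not lfd's code, of that filter: it parses the traditional syslog header, keeps only lines whose host field names this server, and then applies an sshd failed-password pattern to the remaining message text. The sample log lines, the hostnames and the regular expressions are constructed for the example; the real lfd patterns live in csf's own regex files, not here.

```python
import re
import socket

# Constructed centralised-syslog sample: two hosts (web01, db02) write to one file.
SAMPLE_LOG = """\
Mar  3 10:14:02 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 51812 ssh2
Mar  3 10:14:05 db02 sshd[9901]: Failed password for root from 203.0.113.7 port 51820 ssh2
Mar  3 10:14:09 web01 sshd[2214]: Failed password for invalid user admin from 198.51.100.3 port 4022 ssh2
Mar  3 10:14:11 db02 sshd[9901]: Accepted publickey for deploy from 192.0.2.9 port 3300 ssh2
"""

# Traditional syslog header: "Mon DD HH:MM:SS host rest-of-line".
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# Example failure pattern (constructed, not csf's): sshd password failures, valid or invalid user.
SSH_FAIL_RE = re.compile(
    r"^sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")


def host_matches(logged_host, local_host):
    """Accept an exact match or a short-name match, since syslog may log either form."""
    return logged_host == local_host or logged_host.split(".")[0] == local_host.split(".")[0]


def local_failures(log_text, local_host):
    """Return (ip, user) for each failed login that this host itself logged.

    Lines written by other hosts are skipped before the failure pattern runs,
    so counting and blocking only act on attempts against the local server.
    """
    hits = []
    for line in log_text.splitlines():
        header = SYSLOG_RE.match(line)
        if not header or not host_matches(header.group("host"), local_host):
            continue
        failure = SSH_FAIL_RE.match(header.group("msg"))
        if failure:
            hits.append((failure.group("ip"), failure.group("user")))
    return hits


def local_hostname():
    """What the filter compares against on a real system."""
    return socket.gethostname()


if __name__ == "__main__":
    for host in ("web01", "db02", "mail03"):
        print(host, local_failures(SAMPLE_LOG, host))
```

Run as a script, the output shows web01 seeing two failures, db02 one, and mail03 none, even though all three hosts would read the same file; without the host check, every host would count all three failures and block 203.0.113.7 for an attack it never received.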

Download available here and requires manual installation: http://www.configserver.com/free/csfv4beta.tgz

New csf v3.43

Changes:

  • Improved application IP block checking
  • Restored the option LF_SCRIPT_PERM with additional checks for directories within the cPanel homedirs and for symlinks. Warning added to csf.conf for this option
  • Added random query-source port setting for BIND to the Server Report