Added new option SMTP_ALLOWLOCAL to allow local connections to port 25 (for web scripts, etc.) when SMTP_BLOCK is enabled
Added a check to csf startup to fail if “WHM > Tweak Security > SMTP Tweak” is enabled, since otherwise it can break SMTP traffic completely. The SMTP_BLOCK and SMTP_ALLOWLOCAL options in csf.conf should be used instead
Added automatic throttling code to help prevent lfd using excessive resources. Currently only added for LF_DIRWATCH and PT_INTERVAL. If the sub process takes too long to run, the interval before its next run is increased temporarily (for the duration lfd runs for; a restart resets it) and will continue to extend this time to prevent excessive server load. The time given for the sub process to complete is also increased proportionately so that it can at least attempt to finish the check. If you see throttling messages appearing in lfd.log you should consider permanently increasing the process interval as indicated (i.e. within csf.conf)
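As an added illustration of the throttling behaviour described above (this is not lfd's own code): a small model of a check whose interval and completion allowance are stretched each time a run overruns, and which keeps the stretched values until the object is discarded, as a restart of lfd would. The doubling factor, the cap of 16x the configured interval, and the assumption that the initial allowance equals the interval are choices made for this example, not values taken from csf.

```python
# Added example modelling lfd's automatic throttling. Not csf/lfd code.
# Assumptions (not from the changelog): interval doubles on each overrun,
# is capped at max_factor * configured interval, and the sub-process
# allowance starts equal to the interval and is stretched with it.
import time


class ThrottledCheck:
    """A periodic check (e.g. LF_DIRWATCH) with adaptive back-off.

    Throttling persists for the lifetime of the object; creating a new
    object models an lfd restart, which resets the interval.
    """

    def __init__(self, name, interval, factor=2.0, max_factor=16.0):
        self.name = name
        self.base_interval = float(interval)   # value as set in csf.conf
        self.interval = float(interval)        # current, possibly throttled
        self.allowance = float(interval)       # time the sub-process may take
        self.factor = factor
        self.limit = self.base_interval * max_factor
        self.throttled = False
        self.log = []                          # would go to lfd.log

    def record_run(self, duration):
        """Account for one run that took `duration` seconds.

        Returns the interval to wait before the next run.
        """
        if duration > self.allowance and self.interval < self.limit:
            self.interval = min(self.interval * self.factor, self.limit)
            self.allowance = self.interval     # stretched proportionately
            self.throttled = True
            self.log.append(
                f"*{self.name}* throttled: run took {duration:g}s, "
                f"interval now {self.interval:g}s; consider raising the "
                f"interval permanently in csf.conf"
            )
        return self.interval

    def run(self, func):
        """Time a real check function and feed its duration to record_run."""
        start = time.monotonic()
        func()
        return self.record_run(time.monotonic() - start)


def demo():
    """Constructed run durations for a 60 second LF_DIRWATCH."""
    check = ThrottledCheck("LF_DIRWATCH", 60)
    seen = [check.record_run(d) for d in (10, 90, 100, 130)]
    return seen, check.log


if __name__ == "__main__":
    intervals, messages = demo()
    print(intervals)          # [60.0, 120.0, 120.0, 240.0]
    for line in messages:
        print(line)
```

The third run (100 s) is not throttled because the allowance had already been stretched to 120 s by the second run; only when a run exceeds the stretched allowance does the interval grow again.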
New feature – User Process Tracking. This option enables tracking of the number of processes any given cPanel account is running at one time. If the number of processes exceeds the value of the PT_USERPROC setting, an email alert is sent with details of those processes. A user is only reported once, so lfd must be restarted to reinstate checking of all users. If you specify a user in csf.pignore it will be ignored. The alert template is useralert.txt
Added useralert.txt for editing through the WHM UI
Added PT_USERPROC to the Firewall Security Level settings
Fixed a misconfiguration of the outgoing global deny rule – Thanks to Marie from Jagwire Hosting
Allow advanced allow and block filters using the -a and -d options when running csf in CLI
Added new option LF_SELECT. If you have LF_TRIGGER set to “0” and the application trigger levels set, you can now set LF_SELECT to “1” if you only want to block the IP’s access to the triggering application instead of applying a complete block
Changed installer behaviour to only add SSH port to TCP_IN if TESTING is set to “1” – done to help those that don’t want to always have the SSH port opened
Modified lfd init procedure to use the init functions
Modified behaviour of LF_TRIGGER. If LF_TRIGGER is set to “0” then lfd will instead trigger blocks based on the value of each application trigger, e.g. if LF_MODSEC is set to “3” then it will trigger on 3 mod_security alerts, or if LF_POP3D is set to “10” then it will trigger on 10 pop3d login failures. In this mode, i.e. with LF_TRIGGER set to “0”, login failures for different triggers are not cumulative, whereas with LF_TRIGGER set to a number > “0” they are cumulative as before
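To make the LF_TRIGGER and LF_SELECT semantics above concrete, here is an added model (not lfd's own code) of how failures accumulate per IP under the two modes, run over a constructed list of login-failure events. The option names follow csf.conf; the per-application trigger values, the sample IPs and the event list are assumptions for this example.

```python
# Added example modelling LF_TRIGGER / LF_SELECT block decisions. Not csf/lfd
# code; trigger values and events below are constructed for illustration.
from collections import defaultdict

# Per-application trigger levels as they would be set in csf.conf (assumed).
APP_TRIGGERS = {"LF_SSHD": 5, "LF_POP3D": 10, "LF_MODSEC": 3}

# Constructed failure records: (source IP, application trigger it counts for).
SAMPLE_EVENTS = [
    ("203.0.113.5", "LF_MODSEC"),
    ("203.0.113.5", "LF_SSHD"),
    ("198.51.100.7", "LF_SSHD"),
    ("203.0.113.5", "LF_MODSEC"),
    ("203.0.113.5", "LF_SSHD"),
    ("203.0.113.5", "LF_MODSEC"),
    ("198.51.100.7", "LF_SSHD"),
    ("203.0.113.5", "LF_SSHD"),
]


def decide_blocks(events, lf_trigger, lf_select, app_triggers=APP_TRIGGERS):
    """Return {ip: sorted list of blocks} for IPs that reached a trigger.

    lf_trigger > 0 : failures for all applications are cumulative per IP;
                     a full block ("ALL") is applied at lf_trigger failures.
    lf_trigger == 0: each application is counted separately against its own
                     trigger level. lf_select == 1 blocks only that
                     application; lf_select == 0 applies a full block.
    """
    per_app = defaultdict(lambda: defaultdict(int))
    total = defaultdict(int)
    blocks = defaultdict(set)

    for ip, app in events:
        if "ALL" in blocks.get(ip, ()):
            continue                      # already fully blocked
        per_app[ip][app] += 1
        total[ip] += 1

        if lf_trigger > 0:
            if total[ip] >= lf_trigger:   # cumulative across applications
                blocks[ip] = {"ALL"}
        else:
            level = app_triggers.get(app)
            if level and per_app[ip][app] >= level:
                if lf_select == 1:
                    blocks[ip].add(app)   # application-only block
                else:
                    blocks[ip] = {"ALL"}

    return {ip: sorted(b) for ip, b in blocks.items()}


if __name__ == "__main__":
    # Cumulative: 6 mixed failures from 203.0.113.5 reach LF_TRIGGER=5.
    print(decide_blocks(SAMPLE_EVENTS, lf_trigger=5, lf_select=0))
    # Per application with LF_SELECT: 3 mod_security hits block only that app.
    print(decide_blocks(SAMPLE_EVENTS, lf_trigger=0, lf_select=1))
    # Per application without LF_SELECT: the same 3 hits give a full block.
    print(decide_blocks(SAMPLE_EVENTS, lf_trigger=0, lf_select=0))
```

Note that 198.51.100.7 never appears in the result: its two sshd failures are below both the cumulative and the LF_SSHD thresholds, and in the per-application mode its failures do not combine with anything else.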
Modification to csf.conf to reflect the changes to LF_TRIGGER – only applied to new installations
Rewrite of the iptables command invocation in lfd.pl to trap iptables errors and shutdown firewall if any found – should help prevent lockouts
Allow advanced rules in Global Allow and Deny lists. Input and Output direction support included.
Added Global Allow and Deny lists to the OUTPUT chain as well as the INPUT chain
Added csf.signore where you can list scripts for LF_SCRIPT_ALERT to ignore. Updated WHM UI to allow easy file edits
Fixed a problem on some installations where the update process emptied out csf.conf. If this has happened, you will need to remove /etc/csf/csf.conf and then rerun the installation procedure and reconfigure the firewall. If you’re already running at least v2.18 you can probably simply restore /etc/csf/csf.conf.preupdate to csf.conf and then upgrade to this release