If LF_SELECT is enabled the port(s) listed in PORTS_* can now be specified as port;protocol,port;protocol, e.g. "53;udp,53;tcp", to allow for protocol-specific port blocks. This port format can also now be used in regex.custom.pm and csf --td/--ta to allow udp port blocks
PORTS_bind now defaults to "53;udp,53;tcp" on new installations
PORTS_directadmin added for DA installs to allow for per port blocks if LF_SELECT is enabled
Ports 993 and 995 now added to TCP_OUT and TCP6_OUT on new installs
LF_IPSET taken out of BETA as it is proving stable
Modified Server Check to skip checking xinetd on Plesk servers
Modified UI_SSL_VERSION for new installations to use the new IO::Socket::SSL default SSL_version setting of SSLv23:!SSLv3:!SSLv2 so that SSLv3 is disabled
If systemd is running the installer disables firewalld using systemctl
Added IPv4/IPv6 column to show whether the port in the csf --ports option is listed in *_IN (e.g. TCP_IN)
Added IPv4/IPv6 column to show the number of ESTABLISHED connections to the port in the csf --ports option
Modified Server Check text from “SMTP Tweak” to “SMTP Restrictions” for cPanel/WHM UI
Added the following to LF_IPSET for IPv4 IPs and CIDRs: /etc/csf/csf.allow, /etc/csf/csf.deny, GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER. IPv6 IPs, Advanced Allow Filters and temporary blocks use traditional iptables
Modified ipset information in csf.conf including that only ipset v6+ is supported
Modified ConfigServer::Slurp to carp instead of croak
Improvements to Server Check nameserver checking to include IPv6 servers and better determine how many are local nameservers
Modified csf --graphs to append a trailing slash to the directory name if missing
Added new BETA options LF_IPSET, IPSET. Use ipset for CC_* and csf.blocklist bulk list matching. See csf.conf for more info
Added new UI option to view ports on the server that have a running process behind them listening for external connections
Added new CLI option (csf -p, csf --ports) to view ports on the server that have a running process behind them listening for external connections
Added new CLI option (csf --graphs) to generate System Statistics HTML pages and images for a given graph type into a given directory. See ST_SYSTEM for requirements
If using DYNDNS and the FQDN has multiple A records then all IP addresses will now be allowed
IPv6 support added to DYNDNS. Requires the Perl module Socket6 from cpan.org to be installed
On DA servers, if LF_DIRECTADMIN is enabled, DIRECTADMIN_LOG_* will be scanned for login failures to Roundcube, SquirrelMail and phpMyAdmin if installed and logging enabled via CustomBuild v2+. Failures will contribute to the LF_DIRECTADMIN trigger level for that IP
On DA servers, FTPD_LOG now defaults to /var/log/messages on new installs
Added exe:/usr/libexec/dovecot/anvil to csf.pignore for new installs on DA
Added to UI count of entries in /etc/csf/csf.allow
Added blocklist.de to csf.blocklists for new installs, latest file copied to /etc/csf/csf.blocklists.new on existing installs
Started moving common functions to separate modules within csf
HTTP::Tiny upgraded to v0.050
Fixed csf stop/start routines on reboot for servers using systemd
Modified integrated UI to display die errors to browser
Modified X_ARF report to use a self-published schema: http://download.configserver.com/abuse_login-attack_0.2.json
Modified X_ARF to lowercase the Source-Type field
Modified X_ARF template to use the v0.2 “X-XARF: PLAIN” header field