Set scripts (.pl,.cgi,.php,.sh,.py) in /etc/csf/ to chmod 700
Simplified PACKET_FILTER rules for dropping INVALID connection tracking states. This feature now only applies a single rule for incoming INVALID packets
DROP_PF_LOGGING enabled by default on new installs
INVALID added as an option to PS_PORTS so that PACKET_FILTER logs will be ignored by Port Scan Tracking by default, but can be added if desired
Modified ST_ENABLE locking
Regex updates to cater for Plesk 12 – thanks to Marcel Evenson
Fixed issue with temporary allow/deny comment not being parsed correctly when port * specified
Added new option LF_DIST_ACTION. If LF_DISTFTP or LF_DISTSMTP is triggered, then if LF_DIST_ACTION is a path to a script, it will run the script and pass arguments to it. See csf.conf for more info
Added limit check on VPS servers when using FASTSTART to ensure there are sufficient numiptents available for all of the iptables rules in that block
Modified SMTPAUTH_RESTRICT to add ::1 as a standalone IP to /etc/exim.smtpauth
Fixed LF_BIND – BIND_LOG was not being added to the log list to watch
On DirectAdmin servers, added new feature LF_DIRECTADMIN. This option scans DIRECTADMIN_LOG for failed logins and blocks accordingly
Added new option DROP_UID_LOGGING which allows UID logging to be disabled for outgoing connections. This option is enabled by default and can be disabled on OS’s that do not support –log-uid
Preupgrade copy of csf.conf now created in /var/lib/csf/backup/ for use with the csf –profile option
Updates to sanity.txt for new options
Modified DSHIELD blocklist URL from feeds.dshield.org/block.txt to www.dshield.org/block.txt for new and existing installs
New feature SMTPAUTH_RESTRICT – This option will only allow SMTP AUTH to be advertised to the IP addresses listed in /etc/csf/csf.smtpauth on EXIM mail servers. The additional option CC_ALLOW_SMTPAUTH can be used with this option to additionally restrict access to specific countries. See csf.conf and readme.txt for more information
New FASTSTART procedures in csf and lfd to centralise functions and add error reporting
FASTSTART added to GLOBAL_ALLOW, GLOBAL_DENY, GLOBAL_DYNDNS, csf.deny, csf.allow, Port Settings, PACKET_FILTER, DROP_NOLOG, SMTP Block, DNS
Remove duplicate IP addresses from individual blocklists
Remove duplicate IP addresses (not CIDRs) across blocklists as they are newly retrieved
Ensure /usr/local/bandmin/bandminstart exists and is executable on cPanel servers before using it
Removed MySQL version check as it is currently redundant from Server Report
Improve Net::CIDR::Lite use integrity to prevent unnecessary lfd failures
Ensure GeoIPCountryWhois.csv is removed before processing a new d/b download
Add /etc/csf/csf.smtpauth to UI if SMTPAUTH_RESTRICT is enabled
Fixed issue with IPv6 generation of SMTP_ALLOWUSER rules
