csf

New changes for v1.97:

• Tightened DNS port 53 connections in accordance with:http://www.oreillynet.com/pub/a/network/excerpt/dnsbindcook_ch07
• Moved no log dropping to the end of the chains
• Moved allowed IP’s to before Block Lists

Be aware of the upgrade issues in v1.93 and v1.94:http://configserver.com/blog/index.php?itemid=84

• 1.95
  

New version with some changes and bugfixes:

• Fixed problem where external resolvers were being used and responses from them were being dropped because they were coming back on ephemeral ports – added a scan of /etc/resolv.conf and external nameservers now have whitelisted source port 53 to ephemeral ports
• Drop logging of failed attempts to access port 53 so they don’t consume syslog
• Moved update from /tmp do /usr/src

Added a new feature for v1.89:

• Added Pre-configured settings for Low, Medium or High firewall security to WHM UI

A major enhancement for v1.86:

• Modified lfd connection tracking to drop udp as well as tcp packets when blocking
• Added support for the DShield Block List with LF_DSHIELD – http://www.dshield.org/block_list_info.php See csf.conf for more information
• Added support for the Spamhaus DROP List with LF_SPAMHAUS – http://www.spamhaus.org/drop/index.lasso See csf.conf for more information

Minor changes for v1.85

• Workaround for spam PT false-positives
• Added exe:/usr/bin/spamc to csf.pignore
• Added csf version to title bar in WHM

New version with the following change:

• 1.84
  

Latest version supports iptables in the latest 2.6+ kernel that use xt_iptables:

• 1.81
  

New in this release:

• Added new feature to send an alert email if su is used to login from one account to another. Alerts are sent whether the
  

A few bugfixes:

• 1.76