csf

Changes:

• New Feature: CloudFlare Firewall integration. This feature provides blocking and unblocking functionality with the CloudFlare Firewall from within lfd, together with new CLI commands for direct access. See documentation for CF_ENABLE in csf.conf, information in readme.txt as well as the csf man page
• Added UI elements for CloudFlare Firewall integration
• New CLI command –trace [ip]. This replaces the –w, –watch CLI command to Log SYN packets for an IP across iptables chains by using the iptables TRACE module
• New Feature: Check the size of the ModSecurity IP D/B. This option will send an alert if the ModSecurity IP persistent storage grows excessively large. This is enabled on cPanel by default. See csf.conf for more information
• New Feature: Allow use of comma separated list of ports in Advanced Allow/Deny Filters
• WATCH_MODE in csf.conf and –w, –watch CLI commands removed in favour of the new –trace [add/remove] [ip] CLI command
• Restrict the scope of Perl shebang replacement when installing on cPanel servers
• Modifications and fixes for the example MESSENGERV2 templates
• Ensure /proc/sys/net/netfilter/nf_conntrack_helper is enabled at startup to allow connection tracking to continue working on newer kernels
• Stop needlessly setting <head> and <body> elements in Ajax returns
• Various corrections and updates to readme.txt
• Tweaks to the Mobile View UI button arrangement and spacing

Changes:

• CSS change to UI configuration page
• Remove refresh timer from UI log file grep

Changes:

• On webmin servers, added csf.body file to UI skinning (STYLE_CUSTOM). See readme.txt for more information

Changes:

• On cPanel servers, ensure that the csf driver for WHM is removed on uninstall
• Added hooks for upcoming cxs IP Reputation Service
• On non-cPanel servers, added csf.htmltag and csf.bodytag files to UI skinning (STYLE_CUSTOM). See readme.txt for more information
• MESSENGERV2 released as stable on cPanel servers. This uses the Apache http daemon to provide the web service for MESSENGER HTML and HTTPS
• Additions to csf.logignore on new installs
• Added IPv6 support to BLOCKLISTS
• Added Spamhaus DROPv6 and Stop Forum Spam IPv6 blocklists to csf.blocklists
• Removed Spamcannibal and added all.s5h.net from/to csf.rbls
• Fixed issues with IPv6 rule creation attempts when IPV6 disabled
• Automatically enable WAITLOCK on initial installation if supported

Changes:

• Fixed issue with the ModSecurity regex modification in v10.20

Changes:

• Ensure /etc/logrotate.d/lfd is overwritten on upgrade

Changes:

• Prevent lfd logrotate from erroring if log files missing
• Modified Apache ModSecurity regex to cater for changes in logging format on cPanel servers with ModSecurity v2.9.2
• Modified Apache cxs regex to cater for changes in logging format on cPanel servers with
• ModSecurity v2.9.2
• Ensure destination files are owned by root during installation

Changes:

• MESSENGERV2: Take a copy of the live certs and keys and use these in csf.messenger.conf to work around changing filenames for keys and certs when they are regenerated which causes httpd to fail. This is done each time lfd restarts
• Added CLI option csf –mregen: MESSENGERV2 /etc/apache2/conf.d/csf_messenger.conf regeneration. This will also gracefully restart httpd

Changes:

• Stability improvements to the UI daemon
• Fixed MESSENGER log entry spelling

Changes:

• Prevent Cluster and UI daemons from terminating the main process if they themselves terminate
• Modify Cluster and UI daemons to restart if they are stopped or fail
• Modify Cluster and UI daemons to be more verbose about reasons for stopping
• Fixed typos in readme.txt and csf.conf
• Added MESSENGER child logging to /var/log/lfd_messenger.log, also for MESSENGERV2 via a new index.recaptcha.php
• Modified logrotate configuration to include /var/log/lfd_messenger.log