New csf v4.00 *BETA*

This is a BETA release of csf v4.00 which introduces a major new feature and a reworking of the iptables chains and rules. While extensive testing has been done, it is eminently possible that this release may contain bugs. Please do not use this release if you’re not prepared to help troubleshoot the new features and are not familiar with the Linux root shell.

For this beta release ONLY, users can log helpdesk tickets ONLY if they find problems with the new features. If this is not adhered to, the tickets will simply be closed.

Changes:

  • New feature – Messenger Service. This feature allows the display of a message to a blocked connecting IP address to inform the user that they are blocked in the firewall. This can help when users get themselves blocked, e.g. due to multiple login failures. The service is provided by two daemons running on ports providing either an HTML or TEXT message. See csf.conf and readme.txt for more information (not available on VPS platforms and others missing the ipt_REDIRECT kernel module)
  • Moved INPUT and OUTPUT chain rules for blocks and allows to their own respective chains LOCALINPUT and LOCALOUTPUT. This means that no IP blocks will be listed in the INPUT or OUTPUT chains, but in the new ones
  • Re-organised all of the INPUT and OUTPUT chain rules to give precedence to the LOCALINPUT rules before invoking other chains and port ALLOW rules
  • Moved the SYNFLOOD protection chain rule to be the first chain rule after the LOCALINPUT chain rule
  • Moved the lo device rules to always be at the top of the INPUT and OUTPUT chains
  • Modified the syslog regex matches to only match on local entries to cope with centralised syslog configurations
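
When troubleshooting the reworked chains, the ordering described in the list above can be checked against a saved `iptables -S INPUT` listing. The following is an added example, not part of csf or of the original announcement; the sample listings are constructed, and it assumes "first chain rule after LOCALINPUT" means the first jump to a user-defined chain.

```python
import re

BUILTIN = {"ACCEPT", "DROP", "REJECT", "LOG", "RETURN"}

# Constructed `iptables -S INPUT` listings; real csf rule text will differ.
SAMPLE_GOOD = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOCALINPUT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
"""
SAMPLE_BAD = """\
-P INPUT DROP
-A INPUT -s 203.0.113.7/32 -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j SYNFLOOD
-A INPUT -j LOCALINPUT
-A INPUT -i lo -j ACCEPT
"""

def check_input_order(listing):
    """Return a list of ordering problems found in an INPUT chain listing."""
    rules = []
    for line in listing.splitlines():
        if line.startswith("-A INPUT "):
            m = re.search(r" -j (\S+)", line)
            rules.append({
                "text": line,
                "target": m.group(1) if m else None,
                # "! -i lo" is a negated match, not a loopback rule
                "lo": re.search(r"(?<!! )-i lo\b", line) is not None,
            })
    problems = []
    lo = [i for i, r in enumerate(rules) if r["lo"]]
    other = [i for i, r in enumerate(rules) if not r["lo"]]
    if not lo or (other and max(lo) > min(other)):
        problems.append("lo rules are not at the top of INPUT")
    # Jumps to user-defined chains, in the order they appear in INPUT
    jumps = [r["target"] for r in rules if r["target"] and r["target"] not in BUILTIN]
    if not jumps or jumps[0] != "LOCALINPUT":
        problems.append("LOCALINPUT is not the first chain jump")
    elif "SYNFLOOD" in jumps and jumps[1] != "SYNFLOOD":
        problems.append("SYNFLOOD is not the first chain jump after LOCALINPUT")
    for i, r in enumerate(rules):
        if " -s " in r["text"] and r["target"] in {"DROP", "REJECT"}:
            problems.append("per-IP block still in INPUT: " + r["text"])
        if "--dport" in r["text"] and r["target"] == "ACCEPT" and \
                "LOCALINPUT" not in [x["target"] for x in rules[:i]]:
            problems.append("port ALLOW precedes LOCALINPUT: " + r["text"])
    return problems
```

An empty list means the listing matches the ordering in the changelog; the same checks apply to OUTPUT with LOCALOUTPUT substituted.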

Download available here and requires manual installation: http://www.configserver.com/free/csfv4beta.tgz