csf

New csf v12.00

Changes:

  • Added support for GeoLite2 databases from MaxMind for CC_*. These databases are significantly larger than the soon-to-be-deprecated GeoLite ones stored in /var/lib/csf/
  • Added support for GeoLite2 databases from MaxMind for CC_LOOKUPS and CC6_LOOKUPS
  • Added new option: CC_OLDGEOLITE. This option is enabled by default to continue using the old GeoLite databases. See csf.conf for more information. This option will be removed in the near future so that all installations use the new GeoLite2 databases
  • GeoLite2 lookups now use the CSV files instead of the formatted Data files because the Perl dependencies for the MaxMind Perl modules that access the Data files are prohibitively excessive. We have developed our own fast binary search module to perform the required lookups on the CSV files for both IPv4 and IPv6
  • An advantage of the new GeoLite2 databases is that IPv6 lookups can now be done to the same level as IPv4: Country Code; Country; Region; City; ASN
  • Unified storage of GeoLite2 database to avoid duplication between CC_LOOKUPS and CC_* databases
  • Added new CC_LOOKUPS value of “4”. This option does not use the MaxMind databases directly for lookups. Instead it uses a URL-based lookup from a third-party provider at https://freegeoip.net and so avoids having to download and process the large databases. See csf.conf for more information and limitations
  • Modified CC_INTERVAL default to 14 days on new installations
  • Ensure MESSENGERV2 service will not start if using a valid cPanel account in MESSENGER_USER (must be non-cPanel account)
  • Create entry in /etc/aliases for “csf” if MESSENGERV2 is enabled on cPanel servers to reserve the account name
  • Added new feature: DOCKER support. This configures iptables rules to allow Docker containers to communicate through the host. This is currently in BETA testing. See csf.conf for more information. Thanks to Marcele for the rules
  • Removed redundant nat table check for ip6tables in Config.pm
  • Replaced all remaining bareword file handles
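The sorted-range binary search over GeoLite2 CSV blocks described above, as an added Python illustration that is not csf's own Perl module: each CIDR row becomes an integer [first, last] range, one table per address family (IPv4 and IPv6 integers do not share a number space), and bisect finds the candidate range. The CSV rows and the simplified two-column layout are constructed; real GeoLite2 block files carry geoname_ids resolved through a separate Locations CSV.

```python
import bisect
import csv
import io
import ipaddress

# Constructed sample rows in a simplified GeoLite2-Blocks layout (network, country code).
# Real block files reference geoname_ids instead of carrying the ISO code directly.
SAMPLE_V4 = """network,country_iso_code
1.0.0.0/24,AU
1.0.1.0/24,CN
1.0.4.0/22,AU
203.0.113.0/24,GB
"""
SAMPLE_V6 = """network,country_iso_code
2001:db8::/48,DE
2001:db8:1::/48,FR
2a00::/12,NL
"""


class RangeTable:
    """Sorted, non-overlapping integer ranges for a single address family."""

    def __init__(self, csv_text):
        rows = []
        for row in csv.DictReader(io.StringIO(csv_text)):
            net = ipaddress.ip_network(row["network"], strict=False)
            rows.append((int(net[0]), int(net[-1]), row["country_iso_code"]))
        rows.sort()                       # binary search requires sorted starts
        self.starts = [r[0] for r in rows]
        self.rows = rows

    def lookup(self, ip_int):
        # Last range whose start is <= ip; then confirm ip is not past its end.
        i = bisect.bisect_right(self.starts, ip_int) - 1
        if i >= 0:
            first, last, cc = self.rows[i]
            if ip_int <= last:
                return cc
        return None                       # address falls in a gap between blocks


class GeoLookup:
    """Dispatches to the IPv4 or IPv6 table, mirroring CC_LOOKUPS / CC6_LOOKUPS."""

    def __init__(self, v4_csv, v6_csv):
        self.tables = {4: RangeTable(v4_csv), 6: RangeTable(v6_csv)}

    def country(self, ip_str):
        addr = ipaddress.ip_address(ip_str)
        return self.tables[addr.version].lookup(int(addr))


LOOKUP = GeoLookup(SAMPLE_V4, SAMPLE_V6)


def country_for(ip_str):
    return LOOKUP.country(ip_str)
```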

New csf v11.07

Changes:

  • Added missing WAITLOCK to iptables when processing advanced port filters in csf and lfd and checking csf status in UI
  • Added WAITLOCK, if enabled, to iptables-restore commands during FASTSTART
  • Server Check Report – removed ini_set check as so many scripts use ini_set nowadays. Updated text on various checks
  • Updated the postfix SMTP AUTH regex
  • Added new SSHD “maximum authentication attempts exceeded” regex
  • Set basic PATH before running csfpre.sh/csfpost.sh to avoid binary location issues
  • csf now runs csfpre.sh/csfpost.sh directly without forcing it through /bin/sh. If present, csf chmods the script to 0700 and checks for a shebang. If the shebang is missing, #!/bin/bash is added to the top. The script is then run
  • Added seventh parameter to regex.custom.pm to allow Cloudflare blocking if a CUSTOM regex is triggered (see latest regex.custom.pm in distro)
  • Rearranged UI tabs and shortened tab names. Moved quick actions to the top of the “csf” tab pane
  • Added “AUTH command used when not advertised” to the LF_EXIMSYNTAX regex check
  • Added new csf CLI cluster option: -ci, --cignore ip [comment]. This will add the IP to each remote /etc/csf/csf.ignore member and then restart lfd. This has also been added to the UI
  • Fixed cluster grep output in UI
  • Modified MESSENGERV2 to support combined certificates+keys in cPanel v68+
  • Added triggered setting and, if applicable, temporary TTL to the “Blocked:” status in block alert emails
  • Added “wildcard” option to “Search System Logs” UI to use ZGREP to search the specified log with a wildcard suffix
  • ZGREP option added to csf.conf which must point to the zgrep binary
  • Added git binaries to csf.pignore on cPanel servers for upcoming v72/74 features

New csf v11.06

Changes:

  • Modified Integrated UI to use new cxs UI perl modules
  • Added custom redirect line for webmin UI when STYLE_CUSTOM enabled
  • Ensure ip6tables nat table is flushed if present whether MESSENGER is enabled or not

New csf v11.05

Changes:

  • Added new configuration option PT_SSHDKILL. This option will terminate the SSH processes created when blocking an IP
  • Added a “Fix Common Problems” section to the csf UI for various common configuration issues
  • Ensure application ports are always defined in lfd

New csf v11.04

Changes:

  • Added new configuration option LF_APACHE_ERRPORT. This option is used to determine if the Apache error_log format contains the client port after the client IP. By default it is set to autodetect

New csf v11.03

Changes:

  • Improvements to ajax output in integrated UI

New csf v11.02

Changes:

  • Integrated UI fix for CloudFlare page
  • Removed non-participated deny options for cxs reputation service
  • Changed PT_SSHDHUNG to use a regex for process cmdline detection
  • Fixed issue with IPv6 client detection in Apache logs

New csf v11.01

Changes:

  • Corrections to readme.txt
  • In UI, display long output into fixed height divs with scrollbars and font size changer
  • Modified Server Check to not display the mod_cloudflare warning if CF_ENABLE enabled
  • Modified Server Check to display a single warning for each PHP check listing affected versions instead of multiple warnings
  • Additional exim check added to Server Check
  • Improvements to ajax output in UI

New csf v11.00

Changes:

  • New Feature: CloudFlare Firewall integration. This feature provides blocking and unblocking functionality with the CloudFlare Firewall from within lfd, together with new CLI commands for direct access. See documentation for CF_ENABLE in csf.conf, information in readme.txt as well as the csf man page
  • Added UI elements for CloudFlare Firewall integration
  • New CLI command --trace [ip]. This replaces the --w, --watch CLI command to log SYN packets for an IP across iptables chains by using the iptables TRACE module
  • New Feature: Check the size of the ModSecurity IP D/B. This option will send an alert if the ModSecurity IP persistent storage grows excessively large. This is enabled on cPanel by default. See csf.conf for more information
  • New Feature: Allow use of comma separated list of ports in Advanced Allow/Deny Filters
  • WATCH_MODE in csf.conf and --w, --watch CLI commands removed in favour of the new --trace [add/remove] [ip] CLI command
  • Restrict the scope of Perl shebang replacement when installing on cPanel servers
  • Modifications and fixes for the example MESSENGERV2 templates
  • Ensure /proc/sys/net/netfilter/nf_conntrack_helper is enabled at startup to allow connection tracking to continue working on newer kernels
  • Stop needlessly setting <head> and <body> elements in Ajax returns
  • Various corrections and updates to readme.txt
  • Tweaks to the Mobile View UI button arrangement and spacing

New csf v10.25

Changes:

  • CSS change to UI configuration page
  • Remove refresh timer from UI log file grep