Added new option DROP_OUT which is set to “REJECT” by default. This option sets the default target for blocked outgoing ports. See csf.conf for more information
Added improved detection of xtables lock and recommend enabling WAITLOCK on error
Improved csf down detection when xtables lock in effect and WAITLOCK is not enabled
Added cpanel.allow and cpanel.ignore Include files for the cPanel authentication servers. These are included on new installations and added to existing files on cPanel installations
If running cPanel 1:1 NAT, use the contents of /var/cpanel/cpnat to whitelist/ignore the external IP addresses
Added workaround for adding superusers listed in /etc/csf/csf.syslogusers to the RESTRICT_SYSLOG_GROUP if the log socket is not accessed via the owner permissions
Changes for cPanel v64 template
Updated text description in csf.dirwatch for new installs