General

Changes:

• Added progress information to LWP downloads within csf
• Added numiptent checking for VPS servers. csf will flush iptables and lfd will stop blocking IP’s if numiptent is nearly depleted. This should help prevent VPS lockouts due to insufficient server resources. If this happens, you will either need to reduce the number of iptables rules (e.g. disable Block List usage) or have the VPS provider increase numiptent. A value of ~700-1000 should be fine for most SPI firewall applications with full Block List configuration
• Added support for the BOGON List (Block List) with LF_BOGON – http://www.cymru.com/Bogons/ See link and csf.conf for more information
• Enhanced the cpanel.net lookup for httpdupdate.cpanel.net to workaround the lack of rDNS PTR records
• Fixed problem with RELAYHOSTS not working
• Removed use of the replace binary

Changes:

• Improved the cPanel version check for < v11 and whether up to date
• Added new CLI option -t (–temp) which lists the temporary IP bans and the TTL before the IP is flushed from iptables
• Added “View Temporary IP Bans” to WHM UI
• Changed WHM UI lfd Log auto-refresh default to unchecked
• Added regex for dovecot “Aborted login” messages in /var/log/maillog
• Added support for displaying mod_security v2 logs in WHM UI

Changes:

• Added Fedora Core v6 to the obsolete OS check
• Added php v4 check
• Added apache v2.2 check
• Added Perl v5.8.8 check
• Added cPanel v11 check
• Modified Sys::Syslog use to utilise the ndelay and nofatal options
• Added new option GLOBAL_IGNORE which makes lfd ignore IP’s listed in a globally located ignore file
• Modified Connection Tracking so that lfd doesn’t block IP addresses that resolve to *.cpanel.net (to prevent CT_LIMIT being triggered during a upcp upgrade of cPanel)
• Added new option CT_STATES to Connection Tracking so that you can specify which connection states you want to count towards CT_LIMIT, e.g. SYN_RECV