Security 10816 Published by

ConfigServer has released CSF 5.60



Changes:

- Added new options to include the Spamhaus Extended DROP list. These additional netblocks are included in the main Spamhaus chain. The feature uses LF_SPAMHAUS_EXTENDED and LF_SPAMHAUS_EXTENDED_URL which are enabled by default, but used only if LF_SPAMHAUS is enabled. To force a reload of the SPAMHAUS list to include the Extended list, delete /etc/csf/csf.spamhaus file after upgrading to this version and then restart lfd

- Added new options to allow blocking of TOR Bulk Exit nodes. This works in the same manner as the LF_SPAMHAUS and LF_DSHIELD options. The feature uses LF_TOR and LF_TOR_URL and is disabled by default. Warning: This could block legitimate users who are trying to protect their anonymity, so use with caution

- Fix LF_NETBLOCK to skip IPv6 addresses as it is unsupported as has long been stated in csf.conf

- Added missing html elements in UI

- Added unblock button to UI IP searches when results is either in csf.deny or a temporary block

- Implemented a locking system to mitigate iptables stability issues when loading concurrent iptables chains in lfd

- Fixed bug in the display of the 30 days ST_SYSTEM stats

- Added new option ST_SYSTEM_MAXDAYS. This allows you to define the maximum number of days of stats to collect (default 30 days)

- Increased stats graph sizes

- Added CIDR checking of csf.allow to the CLI command csf --deny

- Added checking of csf.ignore to the CLI command csf --deny
  CSF 5.60 released