Security 10809 Published by

ConfigServer has released a new version of their powerful CSF firewall for Linux servers



Here a list of the changes:

- Additional entries in csf.pignore for the cPanel installation to cater for v11.36 processes on new installations
- Added workaround for cPanel /etc/cpupdate.conf check in Server Report for changes in v11.36
- Additional entries in csf.logignore on new installations
- Try harder to get a CPU temperature if lm_sensors is installed for System Statistics
- Enforce PORTFLOOD setting restrictions and issue warning if entry discarded
- Correct location of CC_ALLOWF in LOCALINPUT after update from lfd
- Make CC_[chain] actions more verbose in lfd.log
- Added new options CC_ALLOW_PORTS, CC_ALLOW_PORTS_TCP, CC_ALLOW_PORTS_UDP. This feature allows access from the countries listed in CC_ALLOW_PORTS to listed TCP/UDP ports. For example, using this FTP access port 21 could be restricted to only the specified countries
- Moved temporary and csf.allow/csf.deny rules from LOCALINPUT/LOCALOUTPUT chains to ALLOWIN/ALLOWOUT to allow for the new CC_ALLOW_PORTS feature
- Modified SMTP_PORTS to include ports 465 and 587 on new installations
- Added new option PT_FORKBOMB. Fork Bomb Protection. This option checks the number of processes with the same session id and if greater than the value set, the whole session tree is terminated and an alert sent

  CSF 5.74 released