Security 10817 Published by

ConfigServer has released a new major version of their CSF firewall for Linux servers



Changes:

- Major new option - FASTSTART:

This option uses IPTABLES_SAVE, IPTABLES_RESTORE and IP6TABLES_SAVE, IP6TABLES_RESTORE in two ways:

1. On a clean server reboot the entire csf iptables configuration is saved and then restored, where possible, to provide a near instant firewall startup during the boot sequence

2. On csf restart or lfd reloading tables, CC_* as well as SPAMHAUS, DSHIELD, BOGON, TOR are loaded using this method in a fraction of the time than if this setting is disabled

Not supported on all OS platforms

FASTSTART allows for very quick startup at reboot and during uptime. If the Country Code blocking options (CC_*) are used, their tables are loaded by csf and lfd almost instantly, compared to many minutes for large countries previously

FASTSTART is enabled on new installations (or those in TESTING mode). Existing installations will need to enable it manually

Other Changes:

- Improvements to csf and lfd init routines

- LF_QUICKSTART renamed to LFDSTART, setting value preserved

- Fixed a problem with scheduled Server Security Check reports

- Crypt::CBC upgraded to v2.32
  CSF 6.00 released