  1. #1
    Join Date
    Nov 2006
    Posts
    74

    csf / lfd headaches

    First, anyone dislike csf/lfd over apf/bfd? Why? Share your experience. Just curious.

    Second, many legitimate clients get blocked. I don't know what to adjust that I haven't yet. Please help.

    csf.conf below

    TESTING = "0"
    TESTING_INTERVAL = "5"
    AUTO_UPDATES = "0"

    ETH_DEVICE = ""
    ETH_DEVICE_SKIP = ""

    TCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2083,2087,2096,3306"
    TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703"

    UDP_IN = "20,21,53,953"
    UDP_OUT = "20,21,53,113,123,873,953,6277"

    ICMP_IN = "1"
    ICMP_OUT = "1"
    SMTP_BLOCK = "0"
    SMTP_ALLOWLOCAL = "0"
    MONOLITHIC_KERNEL = "0"

    DROP_LOGGING = "1"
    DROP_IP_LOGGING = "0"
    DROP_ONLYRES = "0"
    DROP_NOLOG = "67,68,111,113,135:139,445,513,520,1026,1027,1234,1433,1434,1524,3127"

    PACKET_FILTER = "1"
    VERBOSE = "1"
    DYNDNS = "0"
    ALLOW_RES_PORTS = "1"
    DENY_IP_LIMIT = "100"

    GLOBAL_ALLOW = ""
    GLOBAL_DENY = ""
    LF_GLOBAL = ""

    LF_DAEMON = "1"
    LF_TRIGGER = "0"
    LF_SELECT = "1"

    LF_SSHD = "2"
    LF_FTPD = "10"
    LF_POP3D = "10"
    LF_IMAPD = "10"
    LF_HTACCESS = "0"
    LF_MODSEC = "0"
    LF_CPANEL = "5"
    LF_CSF = "1"
    LF_SSH_EMAIL_ALERT = "1"
    LF_SU_EMAIL_ALERT = "1"

    LF_SCRIPT_ALERT = "0"
    LF_SCRIPT_LIMIT = "100"
    LF_SCRIPT_PERM = "0"
    LF_DIRWATCH = "60"

    LF_DIRWATCH_DISABLE = "0"
    LF_DIRWATCH_FILE = "0"
    LF_INTERVAL = "300"
    LF_PARSE = "5"
    LF_EMAIL_ALERT = "1"

    LT_EMAIL_ALERT = "1"
    LT_POP3D = "0"
    LT_IMAPD = "0"
    LF_DSHIELD = "0"
    LF_DSHIELD_URL = "http://feeds.dshield.org/block.txt"
    LF_SPAMHAUS = "0"
    LF_SPAMHAUS_URL = "http://www.spamhaus.org/drop/drop.lasso"

    CT_LIMIT = "0"
    CT_INTERVAL = "90"
    CT_EMAIL_ALERT = "1"
    CT_PERMANENT = "0"
    CT_BLOCK_TIME = "300"

    PT_LIMIT = "60"
    PT_SKIP_HTTP = "1"
    PT_USERPROC = "0"
    PT_SMTP = "0"

    IPTABLES = "/sbin/iptables"
    MODPROBE = "/sbin/modprobe"
    IFCONFIG = "/sbin/ifconfig"
    SENDMAIL = "/usr/sbin/sendmail"
    NETSTAT = "/bin/netstat"
    PS = "/bin/ps"
    FUSER = "/sbin/fuser"

  2. #2
    Join Date
    Nov 2006
    Posts
    74
    Can someone help? Here are some details / examples

    2095:201.230.157.27 # lfd: 1 (webmail) login failures from 201.230.157.27 - Fri Nov 17 11:18:41 2006
    2096:201.230.157.27 # lfd: 1 (webmail) login failures from 201.230.157.27 - Fri Nov 17 11:18:41 2006
    2095:200.118.144.8 # lfd: 1 (webmail) login failures from 200.118.144.8 - Fri Nov 17 12:16:36 2006
    2096:200.118.144.8 # lfd: 1 (webmail) login failures from 200.118.144.8 - Fri Nov 17 12:16:36 2006
    2082:205.144.227.74 # lfd: 1 (cpanel) login failures from 205.144.227.74 - Fri Nov 17 12:22:27 2006
    2083:205.144.227.74 # lfd: 1 (cpanel) login failures from 205.144.227.74 - Fri Nov 17 12:22:27 2006
    2082:201.228.23.51 # lfd: 1 (cpanel) login failures from 201.228.23.51 - Fri Nov 17 12:30:33 2006
    2083:201.228.23.51 # lfd: 1 (cpanel) login failures from 201.228.23.51 - Fri Nov 17 12:30:33 2006
    2086:201.228.23.51 # lfd: 1 (whm) login failures from 201.228.23.51 - Fri Nov 17 12:35:13 2006
    2087:201.228.23.51 # lfd: 1 (whm) login failures from 201.228.23.51 - Fri Nov 17 12:35:14 2006
    2095:69.79.149.20 # lfd: 1 (webmail) login failures from 69.79.149.20 - Fri Nov 17 13:59:58 2006
    2096:69.79.149.20 # lfd: 1 (webmail) login failures from 69.79.149.20 - Fri Nov 17 13:59:59 2006
    2082:198.68.245.214 # lfd: 1 (cpanel) login failures from 198.68.245.214 - Fri Nov 17 15:27:54 2006
    2083:198.68.245.214 # lfd: 1 (cpanel) login failures from 198.68.245.214 - Fri Nov 17 15:27:54 2006
    20:200.121.200.61 # lfd: 10 (ftpd) login failures from 200.121.200.61 - Fri Nov 17 22:50:41 2006
    21:200.121.200.61 # lfd: 10 (ftpd) login failures from 200.121.200.61 - Fri Nov 17 22:50:41 2006
    20:200.106.40.243 # lfd: 10 (ftpd) login failures from 200.106.40.243 - Sat Nov 18 10:12:22 2006
    21:200.106.40.243 # lfd: 10 (ftpd) login failures from 200.106.40.243 - Sat Nov 18 10:12:22 2006
    2086:219.128.4.208 # lfd: 1 (whm) login failures from 219.128.4.208 - Sat Nov 18 16:30:01 2006
    2087:219.128.4.208 # lfd: 1 (whm) login failures from 219.128.4.208 - Sat Nov 18 16:30:02 2006
    2082:190.40.255.16 # lfd: 1 (cpanel) login failures from 190.40.255.16 - Tue Nov 21 15:27:01 2006
    2083:190.40.255.16 # lfd: 1 (cpanel) login failures from 190.40.255.16 - Tue Nov 21 15:27:02 2006
    2095:201.230.157.86 # lfd: 1 (webmail) login failures from 201.230.157.86 - Tue Nov 21 18:42:58 2006
    2096:201.230.157.86 # lfd: 1 (webmail) login failures from 201.230.157.86 - Tue Nov 21 18:42:58 2006
    2082:200.71.57.233 # lfd: 1 (cpanel) login failures from 200.71.57.233 - Tue Nov 21 19:11:41 2006
    2083:200.71.57.233 # lfd: 1 (cpanel) login failures from 200.71.57.233 - Tue Nov 21 19:11:41 2006
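
An added example, not part of the original posts: a small audit script that merges deny entries of the format shown above into one block event per IP and service, then flags events whose recorded failure count is lower than the threshold in the posted csf.conf. The service-to-setting mapping is an assumption, and the sample lines are constructed with documentation-range IPs.

```python
import re
from collections import defaultdict

# Thresholds copied from the csf.conf posted in this thread.
CONF = {"LF_SSHD": 2, "LF_FTPD": 10, "LF_POP3D": 10, "LF_IMAPD": 10, "LF_CPANEL": 5}

# Assumption (not stated in the thread): which LF_* setting governs each service tag.
SERVICE_TO_SETTING = {
    "sshd": "LF_SSHD", "ftpd": "LF_FTPD", "pop3d": "LF_POP3D", "imapd": "LF_IMAPD",
    "cpanel": "LF_CPANEL", "whm": "LF_CPANEL", "webmail": "LF_CPANEL",
}

# port:ip # lfd: N (service) login failures from ip - timestamp
ENTRY = re.compile(
    r"^\s*(?P<port>\d+):(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+#\s+lfd:\s+"
    r"(?P<count>\d+)\s+\((?P<service>\w+)\)\s+login failures from\s+\S+\s+-\s+.+$"
)

# Constructed sample in the same format as the post (documentation-range IPs).
SAMPLE = """\
2095:192.0.2.10 # lfd: 1 (webmail) login failures from 192.0.2.10 - Fri Nov 17 11:18:41 2006
2096:192.0.2.10 # lfd: 1 (webmail) login failures from 192.0.2.10 - Fri Nov 17 11:18:41 2006
2082:198.51.100.7 # lfd: 1 (cpanel) login failures from 198.51.100.7 - Fri Nov 17 12:22:27 2006
20:203.0.113.5 # lfd: 10 (ftpd) login failures from 203.0.113.5 - Fri Nov 17 22:50:41 2006
21:203.0.113.5 # lfd: 10 (ftpd) login failures from 203.0.113.5 - Fri Nov 17 22:50:41 2006
not a deny entry
"""

def audit(text, conf=CONF):
    """Merge per-port entries into one block event and compare it with the threshold."""
    ports_by_event = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # skip anything that is not an lfd login-failure entry
            ports_by_event[(m["ip"], m["service"], int(m["count"]))].add(int(m["port"]))
    report = []
    for (ip, service, count), ports in sorted(ports_by_event.items()):
        setting = SERVICE_TO_SETTING.get(service)
        limit = conf.get(setting)
        report.append({
            "ip": ip, "service": service, "ports": sorted(ports),
            "count": count, "setting": setting, "limit": limit,
            "below_threshold": limit is not None and count < limit,
        })
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE):
        flag = "CHECK" if row["below_threshold"] else "ok"
        print(f'{flag:5} {row["ip"]:15} {row["service"]:8} '
              f'{row["count"]}/{row["limit"]} ({row["setting"]}) ports={row["ports"]}')
```

Rows marked CHECK are the ones to compare against the configuration lfd is actually running, since the count recorded in the deny entry does not match the posted threshold.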

  3. #3
    Join Date
    Dec 2005
    Posts
    3,077
    After using CSF for a while, I do still prefer the traditional APF + BFD setup. The interface on CSF is very good; however, it has caused me more problems than anything else. I have never had any problem with APF and it works well.

  4. #4
    Join Date
    Nov 2006
    Posts
    74
    Can someone kindly paste their apf firewall config, including egress? I have to reinstall apf and am not 100% sure of the proper configuration for ports.

  5. #5
    If you want to go back to csf/lfd at any time, I'm more than happy to help you with the setup. Looks like you had it too secure there.
    Last edited by deastwood; 11-23-2006 at 08:35 AM.

  6. #6
    There is a guy in the UK at www.configserver.com called Chirpy. You may have seen him on the forums.cpanel.net forums.

    I note that you are using cPanel. You would do well to install the following from his site:

    http://www.configserver.com/cp/csf.html

    It is an easily manageable install and interface for csf/lfd in WHM and it's free. I would hope that you would donate to the guy if you find it useful ... help him to update it and create more of the same!

    HTH

    trout21
