
ConfigServer has released a new version of their CSF firewall for Linux servers



Changes:

Added support for GeoLite2 databases from MaxMind for CC_*. These databases are significantly larger than the soon-to-be-deprecated GeoLite ones stored in /var/lib/csf/
Added support for GeoLite2 databases from MaxMind for CC_LOOKUPS and CC6_LOOKUPS
Added new option: CC_OLDGEOLITE. This option is enabled by default to continue using the old GeoLite databases. See csf.conf for more information. This option will be removed in the near future so that all installations use the new GeoLite2 databases
GeoLite2 lookups now use the CSV files instead of the formatted Data files because the Perl dependencies for the MaxMind Perl modules that access the Data files are prohibitively excessive. We have developed our own fast binary search module to perform the required lookups on the CSV files for both IPv4 and IPv6
An advantage of the new GeoLite2 databases is that IPv6 lookups can now be done to the same level as IPv4: Country Code; Country; Region; City; ASN
Unified storage of GeoLite2 database to avoid duplication between CC_LOOKUPS and CC_* databases
Added new CC_LOOKUPS value of “4”. This option does not use the MaxMind databases directly for lookups. Instead it uses a URL-based lookup from a third-party provider at https://freegeoip.net and so avoids having to download and process the large databases. See csf.conf for more information and limitations
Modified CC_INTERVAL default to 14 days on new installations
Ensure MESSENGERV2 service will not start if using a valid cPanel account in MESSENGER_USER (must be non-cPanel account)
Create entry in /etc/aliases for “csf” if MESSENGERV2 is enabled on cPanel servers to reserve the account name
Added new feature: DOCKER support. This configures iptables rules to allow Docker containers to communicate through the host. This is currently in BETA testing. See csf.conf for more information. Thanks to Marcele for the rules
Removed redundant nat table check for ip6tables in Config.pm
Replaced all remaining bareword file handles
  CSF 12.00 released
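
The changelog says GeoLite2 lookups now run a binary search over the CSV files for both IPv4 and IPv6. The following is an added Python example of that idea, not ConfigServer's Perl module. It assumes the GeoLite2 Country CSV column names `network`, `geoname_id`, `registered_country_geoname_id` and `country_iso_code`; the sample rows, country codes and function names are constructed for illustration.

```python
import bisect, csv, io, ipaddress

# Constructed sample data: documentation address ranges, user-assigned codes XX/ZZ.
BLOCKS_HEADER = ("network,geoname_id,registered_country_geoname_id,"
                 "represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider\n")
BLOCKS_V4 = BLOCKS_HEADER + (
    "198.51.100.0/24,1001,1001,,0,0\n"   # deliberately out of order; load_index sorts
    "192.0.2.0/25,1001,1001,,0,0\n"
    "192.0.2.128/25,1002,1002,,0,0\n")
BLOCKS_V6 = BLOCKS_HEADER + (
    "2001:db8::/48,1002,1002,,0,0\n"
    "2001:db8:1::/48,1001,1001,,0,0\n")
LOCATIONS = ("geoname_id,locale_code,continent_code,continent_name,"
             "country_iso_code,country_name\n"
             "1001,en,,,XX,Constructed Country A\n"
             "1002,en,,,ZZ,Constructed Country B\n")

def load_index(blocks_csv, locations_csv):
    """Turn CIDR rows into (first, last, country) integer ranges sorted by first."""
    cc = {r["geoname_id"]: r["country_iso_code"]
          for r in csv.DictReader(io.StringIO(locations_csv))}
    ranges = []
    for row in csv.DictReader(io.StringIO(blocks_csv)):
        net = ipaddress.ip_network(row["network"])
        gid = row["geoname_id"] or row["registered_country_geoname_id"]
        ranges.append((int(net.network_address), int(net.broadcast_address), cc.get(gid)))
    ranges.sort(key=lambda r: r[0])
    return [r[0] for r in ranges], ranges

def lookup(index, addr):
    """Binary search for the last range starting at or before addr, then bounds-check."""
    starts, ranges = index
    n = int(addr)
    i = bisect.bisect_right(starts, n) - 1
    if i >= 0 and ranges[i][0] <= n <= ranges[i][1]:
        return ranges[i][2]
    return None  # address falls in a gap between listed networks

# IPv4 and IPv6 need separate indexes because their integer spaces overlap.
V4 = load_index(BLOCKS_V4, LOCATIONS)
V6 = load_index(BLOCKS_V6, LOCATIONS)

def country(ip):
    addr = ipaddress.ip_address(ip)
    return lookup(V6 if addr.version == 6 else V4, addr)

if __name__ == "__main__":
    for ip in ("192.0.2.200", "192.0.3.1", "2001:db8:1::5"):
        print(ip, country(ip))
```

The bounds check after the search matters for any country-based allow or deny decision: an address that sorts after a range's start but lies beyond its end must resolve to "unknown", not to the preceding network's country.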