cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIX: Add word boundary matching to CSF/iptables IP grep checks

Browse Source 
Apply consistent -w flag to grep commands in verify_ip_blocked()
to prevent partial IP matches (e.g., '1.1.1.1' matching '11.1.1.1').

Lines:
- 1175: csf -t grep check
- 1189: iptables -L grep check

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
This commit is contained in:
cschantz
2026-03-06 22:32:05 -05:00
parent 02f697f4c1
commit 13a7357e12
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/live-attack-monitor-v2.sh
+4 -2
View File
@@ -1172,7 +1172,8 @@ verify_ip_blocked() {
# Check CSF temporary blocks
if command -v csf &>/dev/null; then
if csf -t 2>/dev/null | grep -q "$ip"; then
# CRITICAL FIX: Use -w flag for word boundary matching
if csf -t 2>/dev/null | grep -q -w "$ip"; then
return 0
fi
@@ -1186,7 +1187,8 @@ verify_ip_blocked() {
# Check iptables directly
if command -v iptables &>/dev/null; then
if iptables -L INPUT -n 2>/dev/null | grep -q "$ip"; then
# CRITICAL FIX: Use -w flag for word boundary matching
if iptables -L INPUT -n 2>/dev/null | grep -q -w "$ip"; then
return 0
fi
fi