cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e3cf8514dfea242ebddc0715eb6889d86fe9b057
Linux-Server-Management-Too…/modules
T
History
cschantz e3cf8514df CRITICAL FIX: Always use CSF's chain_DENY ipset for blocking 
Issue: Script was creating its own temporary ipset when CSF's chain_DENY
existed but didn't support timeouts. This caused IPs to be blocked in a
separate ipset instead of CSF's official blocking list.

Fix: Restructured IPset initialization to ALWAYS prefer CSF's chain_DENY
- chain_DENY exists → Use it (the authoritative CSF blocking ipset)
- chain_DENY doesn't exist → Create temporary ipset as fallback
- No ipset available → Fall back to CSF -td command

Benefits:
- All IPs blocked go to CSF's chain_DENY (standard blocking mechanism)
- CSF configuration/UI sees all blocks
- Better integration with CSF's deny list management
- 70+ IPs/sec can now be properly added to the known CSF block ipset

Testing:
- Verified ipset list chain_DENY detection
- Syntax validated
- Backward compatible with ipset without timeout support

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
2026-03-06 22:07:13 -05:00
..
backup
FIX: Remove unnecessary press_enter after step 5 dump failure
2026-02-27 21:56:26 -05:00
diagnostics
Fix AWK-UNINIT issues by initializing variables in BEGIN blocks
2026-02-07 02:49:57 -05:00
email
Standardize mail-log-analyzer.sh menu validation and colors
2026-02-17 18:41:11 -05:00
maintenance
Fix HIGH priority issues: paths, globs, deps, wordsplit
2026-01-02 17:21:19 -05:00
performance
Fix batch analyzer to flag domains needing optimization increases
2026-02-19 00:05:07 -05:00
security
CRITICAL FIX: Always use CSF's chain_DENY ipset for blocking
2026-03-06 22:07:13 -05:00
website
CRITICAL FIX: Implement persistent menu loop returning to menu after operations
2026-03-05 21:59:41 -05:00