If you want any further info on this popular fork, join his Discord channel. He's very responsive and helpful. There's a few guys there that know the ins and outs of it all so maybe pop across there for a quick chat? And always test it out on a non production server first with data that's not important, or a copy of something you'll be running.I believe CSF firewall was donated to the open source community, there are a few projects but I believe the official project can be found here:
GitHub - Aetherinox/csf-firewall: ConfigServer Security & Firewall (CSF) - Robust linux iptables/nftables firewall & free ipset blocklist service.
ConfigServer Security & Firewall (CSF) - Robust linux iptables/nftables firewall & free ipset blocklist service. - Aetherinox/csf-firewallgithub.com
Documentation here:
ConfigServer Firewall - ConfigServer Security & Firewall
docs.configserver.dev
CSF Firewall Situation
- Thread starter nightstryke
- Start date
Richard G
Verified User
Yes that's the fun of still using CSF. We have the CSF clustering option in place, if one gets blocked on 1 server, they get blocked on almost all servers (the ones we want added in the cluster).
However I do understand wht you're saying. But using an attack with another ip can always be done, as we've seen in the past from flood attacks coming from 1000's of ip's but one at a time so it would not be seen as flood attack.
CSF can also use community blocklists, so that might not be that different than Crowdsec. Exactly these kind of things were what I liked and still like about CSF. It's still working great and has all kinds of options.
The only problem is the future, something which will be fully nftables compatible and if possible something to replace ipset. Or indeed a complete other system which can use all of this.
This is already possible if I'm not mistaken.
I'm using a hookscript myself where a BMF block triggers a script which creates a CSF block.