Block Reporting

Block Report Script

LFD can run an external script when it performs an IP address block. This is done by setting the configuration variable BLOCK_REPORT to a script that must be executable. The following parameters are passed the the script as arguments:

ARG Name Description
1 IP address The IP address or CIDR being blocked
2 ports Port, comma separated list or * for all ports
3 permanent 0=temporary block, 1=permanent block
4 inout Direction of block: in, out or inout
5 timeout If a temporary block, TTL in seconds, otherwise 0
6 message Message containing reason for block
7 logs The logs lines that triggered the block (will contain line feeds between each log line)
8 trigger The configuration settings triggered

LFD launches the BLOCK_REPORT in a forked process which terminates after 10 seconds if not completed by then. It runs under the root account, so great care should be exercised with regard to security of the BLOCK_REPORT script.

Unblock Report Script

LFD can run an external script script when a temporary block is unblocked. UNBLOCK_REPORT can be the full path of the external script which must be executable. The following parameters are passed the the script as arguments:

ARG Name Description
1 IP Address The IP address or CIDR being blocked
2 port* Port, there could be multiple unblocks for each IP

[*] If a port was specified in the initial block.

Related Files

File Description
/etc/csf/csf.conf BLOCK_REPORT UNBLOCK_REPORT configuration options

Related Pages