LFD can run an external script when it performs an IP address block.
This is done by setting the configuration variable BLOCK_REPORT to a script that must be executable.
The following parameters are passed the the script as arguments:
| ARG | Name | Description |
|---|---|---|
| 1 | IP address | The IP address or CIDR being blocked |
| 2 | ports | Port, comma separated list or * for all ports |
| 3 | permanent | 0=temporary block, 1=permanent block |
| 4 | inout | Direction of block: in, out or inout |
| 5 | timeout | If a temporary block, TTL in seconds, otherwise 0 |
| 6 | message | Message containing reason for block |
| 7 | logs | The logs lines that triggered the block (will contain line feeds between each log line) |
| 8 | trigger | The configuration settings triggered |
LFD launches the
BLOCK_REPORTin a forked process which terminates after 10 seconds if not completed by then. It runs under the root account, so great care should be exercised with regard to security of theBLOCK_REPORTscript.
LFD can run an external script script when a temporary block is unblocked.
UNBLOCK_REPORT can be the full path of the external script which must be
executable. The following parameters are passed the the script as arguments:
| ARG | Name | Description |
|---|---|---|
| 1 | IP Address | The IP address or CIDR being blocked |
| 2 | port* | Port, there could be multiple unblocks for each IP |
[*] If a port was specified in the initial block.
| File | Description |
|---|---|
/etc/csf/csf.conf |
BLOCK_REPORT UNBLOCK_REPORT configuration options |