The messenger service displays a message to inform the user that their IP address has been blocked by the firewall. It can serve both temporarily and permanently denied IP addresses. This can help when users get themselves blocked, e.g. due to multiple login failures. The service uses two separate daemons running on different ports, one providing an HTML message and the other a TEXT message to be displayed to the user.
• The messenger service does not support showing a message for any GLOBAL or BLOCK deny lists.
• The messenger service does not support SSL connections.
• The iptables module ipt_REDIRECT and the Perl module IO::Socket::INET are required.
• If you change any of the files in /etc/csf/messenger/ you must restart LFD, as they are all cached in memory.
The HTML message that is displayed is provided by the file /etc/csf/messenger/index.html
The HTML server providing this page is very rudimentary but will accept the use of linked images that are stored in the /etc/csf/messenger/ directory. The images must be in jpg, gif or png format. These images are loaded into memory, so you should keep their number and size to a minimum. No other linked resource files are supported (e.g. .css, .js).
The server has a built-in function that will replace the text [IPADDRESS] in index.html with the IP address that is blocked by the firewall. This will help the blocked user know what their blocked IP address is. You can also use the text [HOSTNAME], which will be replaced by the server's FQDN hostname.
• The HTML server does not support SSL connections, so redirecting port 443 will not work.
• The HTML server port should not be added to the TCP_IN list.
• There is a maximum of 15 ports allowed in MESSENGER_HTML_IN.
The TEXT message that is displayed is provided by the file /etc/csf/messenger/index.text
This file should only contain text. The TEXT server providing this file simply sends the contents to the connecting port and no protocol exchange takes place. This means that it may not be suitable for use with protocols such as POP3.
The server has a built-in function that will replace the text [IPADDRESS] in index.text with the IP address that is blocked by the firewall. This will help the blocked user know what their blocked IP address is. You can also use the text [HOSTNAME], which will be replaced by the server's FQDN hostname.
• The TEXT server does not support SSL connections, so redirecting port 995 will not work.
• The TEXT server port should not be added to the TCP_IN list.
• There is a maximum of 15 ports allowed in MESSENGER_TEXT_IN.
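The HTML and TEXT server restrictions listed above can be checked before LFD is restarted. The following is an added example, not code from csf or Juggernaut: it assumes csf.conf uses KEY = "value" lines and that the two listening ports are set by MESSENGER_HTML and MESSENGER_TEXT, and both the sample configuration and the set of SSL ports beyond 443 and 995 are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from a real server).
SAMPLE_CONF = '''
TCP_IN = "22,80,443,8888"
MESSENGER_HTML = "8888"
MESSENGER_TEXT = "8889"
MESSENGER_HTML_IN = "80,443,2082"
MESSENGER_TEXT_IN = "21,25,110,995"
'''
SAMPLE_HTML = '''<html><head><link rel="stylesheet" href="style.css"></head>
<body><img src="logo.png"><p>[IPADDRESS] is blocked on [HOSTNAME]</p>
<script src="app.js"></script></body></html>'''

# Assumption: common implicit-SSL ports; the page itself names only 443 and 995.
TLS_PORTS = {443, 465, 993, 995}
MAX_PORTS = 15                       # limit stated for MESSENGER_*_IN
IMAGE_EXT = (".jpg", ".gif", ".png")  # the only linked resources served

def parse_conf(text):
    """Parse KEY = "value" lines into a dict (assumed csf.conf syntax)."""
    return dict(re.findall(r'^\s*([A-Z0-9_]+)\s*=\s*"([^"]*)"', text, re.M))

def ports(value):
    """Integer ports from a comma-separated list; ranges are not expanded."""
    return [int(p) for p in value.split(",") if p.strip().isdigit()]

def check(conf_text, html):
    """Return a list of findings for the restrictions described on the page."""
    conf, findings = parse_conf(conf_text), []
    tcp_in = ports(conf.get("TCP_IN", ""))
    for kind in ("HTML", "TEXT"):
        redirected = ports(conf.get(f"MESSENGER_{kind}_IN", ""))
        if len(redirected) > MAX_PORTS:
            findings.append(f"MESSENGER_{kind}_IN: more than {MAX_PORTS} ports")
        for p in sorted(TLS_PORTS.intersection(redirected)):
            findings.append(f"MESSENGER_{kind}_IN: {p} is an SSL port")
        listen = ports(conf.get(f"MESSENGER_{kind}", ""))  # assumed key name
        if listen and listen[0] in tcp_in:
            findings.append(f"MESSENGER_{kind}: {listen[0]} is listed in TCP_IN")
    # Only resources the page would load, not ordinary <a href> hyperlinks.
    pattern = r'<(?:img|script|link)\b[^>]*?(?:src|href)\s*=\s*["\']([^"\']+)'
    for ref in re.findall(pattern, html, re.I):
        if not ref.lower().endswith(IMAGE_EXT):
            findings.append(f"index.html: unsupported linked resource {ref}")
    return findings

if __name__ == "__main__":
    print(*check(SAMPLE_CONF, SAMPLE_HTML), sep="\n")
```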
The Juggernaut interface will create a unique user that the messenger services will run under. This user will be disabled and have no shell access. The command to create such an account from the root shell would be:
useradd csf -s /bin/false
| File | Description |
|---|---|
| /etc/csf/csf.conf | MESSENGER_* configuration options |
| /etc/csf/messenger/index.html | The HTML message that is displayed by the messenger service when an IP address is being blocked by the firewall. |
| /etc/csf/messenger/index.text | The TEXT message that is displayed by the messenger service when an IP address is being blocked by the firewall. |