I have created intelligent analyzer and fixer script for CSF firewall deny list and i would like to share it with everyone.
In short what it doues:
- Finds IPv4 /24 and IPv6 /64 or /128 subnets with more than 3 individual IPs.
- Reports those subnets with the associated comment.
- Detects and reports redundant IPs already covered by subnet blocks.
- Detects and reports duplicate subnet entries.
- Detects and reports entries older then 60 days.
- Detects and reports entries withoud date stamp.
- To fix all of that call it with -fix
Let me know how you like it and is there anything else what could be smart to add.
https://www.simunovic.net/TMP/scfanalyzer.sh
Topic: CSF analyzer (Read 15 times)
