From b94dd0a3dfb394109f5df6ffa351da17e51fa4b6 Mon Sep 17 00:00:00 2001
From: Michael Ramsey <mike@hackerdise.me>
Date: Fri, 29 Nov 2019 11:28:43 -0500
Subject: [PATCH] Update CSF to enable Ipset

---
 plogical/csf.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/plogical/csf.py b/plogical/csf.py
index 666b9136d..601a375ab 100755
--- a/plogical/csf.py
+++ b/plogical/csf.py
@@ -73,10 +73,10 @@ class CSF(multi.Thread):
 
             # install required packages for CSF perl and /usr/bin/host
             if ProcessUtilities.decideDistro() == ProcessUtilities.centos:
-                command = 'yum install bind-utils net-tools perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph -y'
+                command = 'yum install bind-utils net-tools perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph ipset -y'
                 ProcessUtilities.normalExecutioner(command)
             elif ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu:
-                command = 'apt-get install dnsutils libwww-perl liblwp-protocol-https-perl libgd-graph-perl net-tools -y'
+                command = 'apt-get install dnsutils libwww-perl liblwp-protocol-https-perl libgd-graph-perl net-tools ipset -y'
                 ProcessUtilities.normalExecutioner(command)
                 command = 'ln -s /bin/systemctl /usr/bin/systemctl'
                 ProcessUtilities.normalExecutioner(command)
@@ -280,6 +280,10 @@ class CSF(multi.Thread):
                 elif items.find('PT_LOAD =') > -1 and items.find('=') > -1 and (items[0] != '#'):
                     writeToConf.writelines('PT_LOAD = "0"\n')
 
+                #  Enable LF_IPSET for CSF for more efficient ipables rules with ipset
+                elif items.find('LF_IPSET =') > -1 and items.find('=') > -1 and (items[0] != '#'):
+                    writeToConf.writelines('LF_IPSET = "1"\n')
+
                 #  HTACCESS_LOG is ins main error.log
                 elif items.find('HTACCESS_LOG =') > -1 and items.find('=') > -1 and (items[0] != '#'):
                     writeToConf.writelines('HTACCESS_LOG = "/usr/local/lsws/logs/error.log"\n')