In this case the shebang isn't even used as the script is invoked with /bin/sh &syscommand(__LINE__,"/bin/sh /etc/csf/csfpost.sh"); (even with the csf-pre_post_sh project as it just sources the script).
When exposing a port only to a particular IP address with `-p 127.0.0.1:3005:3000` after a csf restart previously this would expose port 3005 to the world. With this change, ports that aren't exposed to 0.0.0.0 are limited.
I observed when csf is updated via cron [1] that the rules csfpost.sh should generate are not present, I suspect the path to the binaries invoked are not available.
[1] cat /etc/cron.d/csf_update
SHELL=/bin/sh
27 4 * * * root /usr/sbin/csf -u
