Apf Not Working
[root@server apf-0.9.6-2]# /usr/local/sbin/apf -r
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(30266): {glob} flushing & zeroing chain policies
apf(30266): {glob} firewall offline
eth0: error fetching interface information: Device not found
apf(30317): {glob} activating firewall
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
apf(30379): {glob} unable to load iptables module (ip_tables), aborting.
apf(30317): {glob} firewall initalized
apf(30317): {glob} fast load snapshot saved
Thats what I got right after I installed apf.
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
APF / BFD Are Not Working
I am running APF and BFD on a Centos 4.6 machine. I can see where APF starts and inserts it's startup sequence inside the apf log. Thats all I get though. It has been running for MONTHS and I haven't gotten one IP ban. BFD's log is empty...I have never gotten a single line in any of those logs. I do have ip_tables installed from what I can tell.... When I ran portsentry it added stuff ALL of the time.
View Replies!
View Related
Non-working Forwarding Email Account On Working Domain
I have a domain with a few forwarding email accounts that forward to mac.com email accounts... for some reason every once in a while these accounts stop working... This is the error I get when I email to that account: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: ...
View Replies!
View Related
Apf
Everytime i turn on APF (apf -s), i can not access my website anymore. It probably blocked everyone so I have to turn it off. Can anyone tell me what's wrong? The conf file is default. I have not make change to anything. The two ip addrs in deny_hosts.rules are not my ip address Nothing in allow_hosts.rules when loaded: (apf -s) Quote: apf(29334): {glob} activating firewall apf(29374): {glob} determined (IFACE_IN) eth0 has address 73.233.204.139 apf(29374): {glob} determined (IFACE_OUT) eth0 has address 73.233.204.139 apf(29374): {glob} loading preroute.rules apf(29374): {resnet} downloading http://r-fx.ca/downloads/reserved.networks apf(29374): {resnet} parsing reserved.networks into /etc/apf/internals/reserved.networks apf(29374): {glob} loading reserved.networks apf(29374): {glob} loading bt.rules apf(29374): {glob} loading deny_hosts.rules apf(29374): {trust} deny all to/from 69.22.27.157 apf(29374): {trust} deny all to/from 69.23.27.198 apf(29374): {dshield} downloading http://feeds.dshield.org/top10-2.txt apf(29374): {dshield} parsing top10-2.txt into /etc/apf/ds_hosts.rules apf(29374): {dshield} loading ds_hosts.rules apf(29374): {sdrop} downloading http://www.spamhaus.org/drop/drop.lasso apf(29374): {sdrop} parsing drop.lasso into /etc/apf/sdrop_hosts.rules apf(29374): {sdrop} loading sdrop_hosts.rules apf(29374): {glob} loading common drop ports apf(29374): {blk_ports} deny all to/from tcp port 135:139 apf(29374): {blk_ports} deny all to/from udp port 135:139 apf(29374): {blk_ports} deny all to/from tcp port 111 apf(29374): {blk_ports} deny all to/from udp port 111 apf(29374): {blk_ports} deny all to/from tcp port 513 apf(29374): {blk_ports} deny all to/from udp port 513 apf(29374): {blk_ports} deny all to/from tcp port 520 apf(29374): {blk_ports} deny all to/from udp port 520 apf(29374): {blk_ports} deny all to/from tcp port 445 apf(29374): {blk_ports} deny all to/from udp port 445 apf(29374): {blk_ports} deny all to/from tcp port 1433 apf(29374): {blk_ports} deny all to/from udp port 1433 apf(29374): {blk_ports} deny all to/from tcp port 1434 apf(29374): {blk_ports} deny all to/from udp port 1434 apf(29374): {blk_ports} deny all to/from tcp port 1234 apf(29374): {blk_ports} deny all to/from udp port 1234 apf(29374): {blk_ports} deny all to/from tcp port 1524 apf(29374): {blk_ports} deny all to/from udp port 1524 apf(29374): {blk_ports} deny all to/from tcp port 3127 apf(29374): {blk_ports} deny all to/from udp port 3127 apf(29374): {pkt_sanity} set active PKT_SANITY apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ALL NONE apf(29374): {pkt_sanity} deny inbound tcp-flag pairs SYN,FIN SYN,FIN apf(29374): {pkt_sanity} deny inbound tcp-flag pairs SYN,RST SYN,RST apf(29374): {pkt_sanity} deny inbound tcp-flag pairs FIN,RST FIN,RST apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ACK,FIN FIN apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ACK,URG URG apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ACK,PSH PSH apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN,URG,PSH apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ALL SYN,RST,ACK,FIN,URG apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ALL ALL apf(29374): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN apf(29374): {pkt_sanity} deny outbound tcp-flag pairs ALL NONE apf(29374): {pkt_sanity} deny outbound tcp-flag pairs SYN,FIN SYN,FIN apf(29374): {pkt_sanity} deny outbound tcp-flag pairs SYN,RST SYN,RST apf(29374): {pkt_sanity} deny outbound tcp-flag pairs FIN,RST FIN,RST apf(29374): {pkt_sanity} deny outbound tcp-flag pairs ACK,FIN FIN apf(29374): {pkt_sanity} deny outbound tcp-flag pairs ACK,PSH PSH apf(29374): {pkt_sanity} deny outbound tcp-flag pairs ACK,URG URG apf(29374): {pkt_sanity} deny all to/from 255.255.255.255 apf(29374): {pkt_sanity} deny all to/from 0.0.0.255/0.0.0.255 apf(29374): {pkt_sanity} deny all fragmented udp apf(29374): {pkt_sanity} deny inbound tcp port 0 apf(29374): {pkt_sanity} deny outbound tcp port 0 apf(29374): {blk_p2p} set active BLK_P2P apf(29374): {blk_p2p} deny all to/from tcp port 1214 apf(29374): {blk_p2p} deny all to/from udp port 1214 apf(29374): {blk_p2p} deny all to/from tcp port 2323 apf(29374): {blk_p2p} deny all to/from udp port 2323 apf(29374): {blk_p2p} deny all to/from tcp port 4660:4678 apf(29374): {blk_p2p} deny all to/from udp port 4660:4678 apf(29374): {blk_p2p} deny all to/from tcp port 6257 apf(29374): {blk_p2p} deny all to/from udp port 6257 apf(29374): {blk_p2p} deny all to/from tcp port 6699 apf(29374): {blk_p2p} deny all to/from udp port 6699 apf(29374): {blk_p2p} deny all to/from tcp port 6346 apf(29374): {blk_p2p} deny all to/from udp port 6346 apf(29374): {blk_p2p} deny all to/from tcp port 6347 apf(29374): {blk_p2p} deny all to/from udp port 6347 apf(29374): {blk_p2p} deny all to/from tcp port 6881:6889 apf(29374): {blk_p2p} deny all to/from udp port 6881:6889 apf(29374): {blk_p2p} deny all to/from tcp port 6346 apf(29374): {blk_p2p} deny all to/from udp port 6346 apf(29374): {blk_p2p} deny all to/from tcp port 7778 apf(29374): {blk_p2p} deny all to/from udp port 7778 apf(29374): {glob} loading log.rules apf(29374): {glob} virtual net subsystem disabled. apf(29374): {glob} loading main.rules apf(29374): {glob} opening inbound tcp port 22 on 0/0 apf(29374): {glob} opening inbound icmp type 3 on 0/0 apf(29374): {glob} opening inbound icmp type 5 on 0/0 apf(29374): {glob} opening inbound icmp type 11 on 0/0 apf(29374): {glob} opening inbound icmp type 0 on 0/0 apf(29374): {glob} opening inbound icmp type 30 on 0/0 apf(29374): {glob} opening inbound icmp type 8 on 0/0 apf(29374): {glob} resolv dns discovery for 73.233.192.2 apf(29374): {glob} loading postroute.rules apf(29374): {glob} default (egress) output accept apf(29374): {glob} default (ingress) input drop apf(29334): {glob} firewall initalized apf(29334): {glob} !!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes.
View Replies!
View Related
APF
I do get DDos attack more often and I have APF firewall, and I block IPs manually. Can APF detect DDOS attack IP autamatically and block it? Can I set it up like that?
View Replies!
View Related
APF
I have just got an ssh issue sorted 10 minutes ago, now I have a problem with APF. I decided to install CSF, went ok, disabled apf. Didn’t like CSF to much and didn’t have time to configure it correctly. So uninstalled csf, now APF is my main firewall, but for some reason it doesn’t want to block ports, even though I have only enabled certain ports to be allowed such as 21, 80 etc. Restarted APF, rebooted server.
View Replies!
View Related
APF
I am trying to start APF on my server but it is giving the error: root@comet [~]# service apf start #Starting APF:iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name iptables: No chain/target/match by that name It has been working but it appears to no longer be working.
View Replies!
View Related
APF Loading: Is Everything OK
i am getting iptables errors when reloading APF, and after that APF takes a few seconds to move thru each line in deny_hosts.rules (and also other rules files). is this normal? if i have a very long list of deny rules wouldnt this delay loading other rules? (running centos/virtuozzo 2.6.18-028stab062.3) Code: /etc/apf/apf -r apf(7689): {glob} flushing & zeroing chain policies apf(7689): {glob} firewall offline apf(7721): {glob} activating firewall apf(7761): {glob} determined (IFACE_IN) venet0 has address 127.0.0.1 apf(7761): {glob} determined (IFACE_OUT) venet0 has address 127.0.0.1 apf(7761): {glob} loading preroute.rules iptables: Unknown error 18446744073709551615 iptables: Unknown error 18446744073709551615 iptables: Unknown error 18446744073709551615 iptables: Unknown error 18446744073709551615 iptables: Unknown error 18446744073709551615 iptables: Unknown error 18446744073709551615 iptables: Unknown error 18446744073709551615 apf(7761): {resnet} downloading http://r-fx.ca/downloads/reserved.networks apf(7761): {resnet} parsing reserved.networks into /etc/apf/internals/reserved.networks apf(7761): {glob} loading reserved.networks apf(7761): {glob} loading bt.rules apf(7761): {glob} loading deny_hosts.rules apf(7761): {trust} deny all to/from 124.166.250.250 ' not found.3.5: host/network `124.166.250.250 Try `iptables -h' or 'iptables --help' for more information. ' not found.3.5: host/network `124.166.250.250 Try `iptables -h' or 'iptables --help' for more information. apf(7761): {trust} deny all to/from 200.233.149.110
View Replies!
View Related
APF Removal
I am giving CSF a try and so far like what I see. I removed APF with the following commands: rm -fv /etc/cron.daily/fw chkconfig –del apf rm -frv /etc/apf But it appears that I still have 'symlinks' for the following in /usr/local/sbin: apf -> /etc/apf/apf fwmgr -> /etc/apf/apf These two items are blinking. How can I safely remove them?
View Replies!
View Related
APF Update
i installed APF ( firewall ) in my dediated server 2 years ago. i want to update my APF to new version, Current Version : APF version 0.9.6 how to update to last version?
View Replies!
View Related
Apf Logs
I just got an email from my vps saying that a BFD attack was stopped and the ip was banned after 40 failed attempts of logging into ftpdpro. I logged in and started looking around and I noticed that in my apf log file there was: Code: Jan 15 00:54:07 s1 apf(22290): {glob} firewall initalized Jan 15 00:54:07 s1 apf(22290): {glob} fast load snapshot saved Jan 15 00:58:06 s1 apf(32425): {glob} uptime less than 5 minutes, going full load Jan 15 00:58:06 s1 apf(32425): {glob} activating firewall Jan 15 00:58:06 s1 apf(32500): {glob} unable to load iptables module (ip_tables), aborting. Jan 15 00:58:06 s1 apf(32425): {glob} firewall initalized Jan 15 00:58:06 s1 apf(32425): {glob} fast load snapshot saved Jan 15 01:00:04 s1 apf(3950): {glob} uptime less than 5 minutes, going full load My concern is that it says "unable to load iptables module (ip_tables), aborting.
View Replies!
View Related
Understanding APF
I am getting ready to install APF, I have read multiple articles, but am still confused with the following parameters and what needs to be included in each: IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS These are the ports that I want to use: 21,22,25,53,80,110,143,443,465,873,993,995 How do I know what port goes in what parameter? How do I know if it goes in TCP or UDP and if it goes in Ingress or Egress? What is the difference between TCP and UDP? Is it ok to have a port listed in both TCP an UDP, and also in Ingress as well as in Egress?
View Replies!
View Related
Something Wrong With My APF
i have CentOs5 / Plesk Panel / VPS Server ... and i install APF now with this /etc/apf/conf.apf FILE ...... PHP Code: IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"IG_UDP_CPORTS="37,53,873"EGF="1"EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"EG_UDP_CPORTS="53,873" ================================== and i changed the interface to this venet0 PHP Code: # Untrusted Network interface(s); all traffic on defined interface will be# subject to all firewall rules. This should be your internet exposed# interfaces. Only one interface is accepted for each value.IFACE_IN="venet0"IFACE_OUT="venet0" ================================== when i finish it and restart my apf its shows me like this ??? PHP Code: [root@box ~]# apf -sapf(3107): {glob} activating firewallapf(3149): {glob} determined (IFACE_IN) venet0 has address 127.0.0.1apf(3149): {glob} determined (IFACE_OUT) venet0 has address 127.0.0.1apf(3149): {glob} loading preroute.rulesiptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295apf(3149): {resnet} downloading http://r-fx.ca/downloads/reserved.networksapf(3149): {resnet} download of http://r-fx.ca/downloads/reserved.networks failedapf(3149): {glob} loading reserved.networksapf(3149): {glob} SET_REFRESH is set to 10 minutesapf(3149): {glob} loading bt.rulesapf(3149): {dshield} downloading http://feeds.dshield.org/top10-2.txtapf(3149): {dshield} download of http://feeds.dshield.org/top10-2.txt failedapf(3149): {sdrop} downloading http://www.spamhaus.org/drop/drop.lassoapf(3149): {sdrop} parsing drop.lasso into /etc/apf/sdrop_hosts.rulesapf(3149): {sdrop} loading sdrop_hosts.rulesapf(3149): {glob} loading common drop portsapf(3149): {blk_ports} deny all to/from tcp port 135:139apf(3149): {blk_ports} deny all to/from udp port 135:139apf(3149): {blk_ports} deny all to/from tcp port 111apf(3149): {blk_ports} deny all to/from udp port 111apf(3149): {blk_ports} deny all to/from tcp port 513apf(3149): {blk_ports} deny all to/from udp port 513apf(3149): {blk_ports} deny all to/from tcp port 520apf(3149): {blk_ports} deny all to/from udp port 520apf(3149): {blk_ports} deny all to/from tcp port 445apf(3149): {blk_ports} deny all to/from udp port 445apf(3149): {blk_ports} deny all to/from tcp port 1433apf(3149): {blk_ports} deny all to/from udp port 1433apf(3149): {blk_ports} deny all to/from tcp port 1434apf(3149): {blk_ports} deny all to/from udp port 1434apf(3149): {blk_ports} deny all to/from tcp port 1234apf(3149): {blk_ports} deny all to/from udp port 1234apf(3149): {blk_ports} deny all to/from tcp port 1524apf(3149): {blk_ports} deny all to/from udp port 1524apf(3149): {blk_ports} deny all to/from tcp port 3127apf(3149): {blk_ports} deny all to/from udp port 3127apf(3149): {pkt_sanity} set active PKT_SANITYapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL NONEapf(3149): {pkt_sanity} deny inbound tcp-flag pairs SYN,FIN SYN,FINapf(3149): {pkt_sanity} deny inbound tcp-flag pairs SYN,RST SYN,RSTapf(3149): {pkt_sanity} deny inbound tcp-flag pairs FIN,RST FIN,RSTapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,FIN FINapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,URG URGapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ACK,PSH PSHapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN,URG,PSHapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL SYN,RST,ACK,FIN,URGapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL ALLapf(3149): {pkt_sanity} deny inbound tcp-flag pairs ALL FINapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ALL NONEapf(3149): {pkt_sanity} deny outbound tcp-flag pairs SYN,FIN SYN,FINapf(3149): {pkt_sanity} deny outbound tcp-flag pairs SYN,RST SYN,RSTapf(3149): {pkt_sanity} deny outbound tcp-flag pairs FIN,RST FIN,RSTapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,FIN FINapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,PSH PSHapf(3149): {pkt_sanity} deny outbound tcp-flag pairs ACK,URG URGapf(3149): {pkt_sanity} deny all fragmented udpapf(3149): {pkt_sanity} deny inbound tcp port 0apf(3149): {pkt_sanity} deny outbound tcp port 0apf(3149): {blk_p2p} set active BLK_P2Papf(3149): {blk_p2p} deny all to/from tcp port 1214apf(3149): {blk_p2p} deny all to/from udp port 1214apf(3149): {blk_p2p} deny all to/from tcp port 2323apf(3149): {blk_p2p} deny all to/from udp port 2323apf(3149): {blk_p2p} deny all to/from tcp port 4660:4678apf(3149): {blk_p2p} deny all to/from udp port 4660:4678apf(3149): {blk_p2p} deny all to/from tcp port 6257apf(3149): {blk_p2p} deny all to/from udp port 6257apf(3149): {blk_p2p} deny all to/from tcp port 6699apf(3149): {blk_p2p} deny all to/from udp port 6699apf(3149): {blk_p2p} deny all to/from tcp port 6346apf(3149): {blk_p2p} deny all to/from udp port 6346apf(3149): {blk_p2p} deny all to/from tcp port 6347apf(3149): {blk_p2p} deny all to/from udp port 6347apf(3149): {blk_p2p} deny all to/from tcp port 6881:6889apf(3149): {blk_p2p} deny all to/from udp port 6881:6889apf(3149): {blk_p2p} deny all to/from tcp port 6346apf(3149): {blk_p2p} deny all to/from udp port 6346apf(3149): {blk_p2p} deny all to/from tcp port 7778apf(3149): {blk_p2p} deny all to/from udp port 7778apf(3149): {glob} loading log.rulesapf(3149): {glob} virtual net subsystem disabled.apf(3149): {glob} loading main.rulesapf(3149): {glob} opening inbound tcp port 20 on 0/0apf(3149): {glob} opening inbound tcp port 21 on 0/0apf(3149): {glob} opening inbound tcp port 22 on 0/0apf(3149): {glob} opening inbound tcp port 25 on 0/0apf(3149): {glob} opening inbound tcp port 53 on 0/0apf(3149): {glob} opening inbound tcp port 80 on 0/0apf(3149): {glob} opening inbound tcp port 110 on 0/0apf(3149): {glob} opening inbound tcp port 143 on 0/0apf(3149): {glob} opening inbound tcp port 443 on 0/0apf(3149): {glob} opening inbound tcp port 465 on 0/0apf(3149): {glob} opening inbound tcp port 993 on 0/0apf(3149): {glob} opening inbound tcp port 995 on 0/0apf(3149): {glob} opening inbound tcp port 8443 on 0/0apf(3149): {glob} opening inbound udp port 37 on 0/0apf(3149): {glob} opening inbound udp port 53 on 0/0apf(3149): {glob} opening inbound udp port 873 on 0/0apf(3149): {glob} opening outbound tcp port 20 on 0/0apf(3149): {glob} opening outbound tcp port 21 on 0/0apf(3149): {glob} opening outbound tcp port 22 on 0/0apf(3149): {glob} opening outbound tcp port 25 on 0/0apf(3149): {glob} opening outbound tcp port 53 on 0/0apf(3149): {glob} opening outbound tcp port 37 on 0/0apf(3149): {glob} opening outbound tcp port 43 on 0/0apf(3149): {glob} opening outbound tcp port 80 on 0/0apf(3149): {glob} opening outbound tcp port 113 on 0/0apf(3149): {glob} opening outbound tcp port 443 on 0/0apf(3149): {glob} opening outbound tcp port 465 on 0/0apf(3149): {glob} opening outbound tcp port 873 on 0/0apf(3149): {glob} opening outbound tcp port 5224 on 0/0apf(3149): {glob} opening outbound udp port 53 on 0/0apf(3149): {glob} opening outbound udp port 873 on 0/0apf(3149): {glob} opening inbound icmp type 3 on 0/0apf(3149): {glob} opening inbound icmp type 5 on 0/0apf(3149): {glob} opening inbound icmp type 11 on 0/0apf(3149): {glob} opening inbound icmp type 0 on 0/0apf(3149): {glob} opening inbound icmp type 30 on 0/0apf(3149): {glob} opening inbound icmp type 8 on 0/0apf(3149): {glob} opening outbound icmp all on 0/0iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295apf(3149): {glob} resolv dns discovery for 207.218.192.38iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295iptables: Unknown error 4294967295apf(3149): {glob} loading postroute.rules
View Replies!
View Related
For Start APF
i install APF and config conf file but i have a problem for start APF : root@server [~]# /usr/local/sbin/apf -r eth0 : error fetching interface information Device not found eth0 : error fetching interface information Device not found eth0 : error fetching interface information Device not found eth0 : error fetching interface information Device not found eth0 : error fetching interface information Device not found Development mode enabled !; firewall will fluch every 5 minutes. Unable to load iptable module (ip_tables), abroting i check APF status : apf -t Firewall offline i install apf and config conf file for Start APF?
View Replies!
View Related
APF Hostname
Installed APF on a Fedora Core 6 box, had a problem with one of the modules (Unable to load iptables module (ipt_multiport), aborting) which was sorted by editing the functions file. But I now get this come up 30 times when I start the firewall: hostname: Unknown host Some guides talk about setting a hostname but I dont have a domain name just an IP Address. Then depending on what guide I look at there are references to different files. So I am not sure which file to edit.
View Replies!
View Related
Understanding APF
having my own dedicated server. I have apf installed and I wanted to see how it blocked IPs so I had a friend, whoes IP I knew, help me. I added his IP to the deny_hosts.rules, thinking that would block him from my server, but it did not. Now, mind you, the way I added his IP was to simply use an editor and add his IP to the bottom of the list. Then I got to thinking, does teh apf only load the rules every so often? If so, how can I tell when or how often the rules load? ALso, do I need to add an IP using apr -d IPNUMBER in order for the apf to recognize it? I'd appreciate some info on how the apf works and how I can add IPs myself that I want to add and be sure that they are being blocked.
View Replies!
View Related
APF And AntiDOS
I have installed APF. I also activated AntiDos that is part of APF. I have changed the following in the config file: Quote: # Try to detect syn-flood attacks [0=off,1=on] DET_SF="1" The rest of settings are default. I have Intel Xeon-Woodcrest 5148-DualCore-LV [2.33GHz] server with 4 gigs of RAM. My web server is extremely slow. I run commands, such as: Quote: netstat -pan | sort +4 |awk '{print$5}'| sed -e s/':.*'/''/g | sort | uniq -c | sort -k1 -nr | head -n 20 netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1 netstat -nap | grep SYN | awk '{print $5}' | awk -F ":" '{print $1}' | sort | uniq -c | sort -n netstat -n | grep SYN Sometimes I see entries that indicate possible attack, such as: Quote: 63 80.191.210.252 , but most of times, there are many IPs, example: Quote: 24 85.133.177.70 20 89.178.184.215 18 83.11.216.179 15 84.234.0.183 7 87.228.120.88 7 172.188.3.203 6 202.84.43.178 5 89.178.45.124 4 85.117.72.151 2 202.40.181.72 2 217.172.29.7 Here are my questions: what is going on? I understand that apache is getting flooded, but any way to adjust APF's antidos to block those attacks? ANy better solution? Does AntiDos feature of APF really work? I've read about mod_evasive addon. Shall I install it, too? Will there be a conflict between APF's AntiDos and mod_evasive running together? My users are tired of waiting for forum to load.
View Replies!
View Related
APF Blocks My IP Too
APF (on my server) often blocks me and some other browsers but I don't want it to do this. Let me give the last one log below; Code: May 26 09:38:01 linux apf(9884): (insert) deny all to/from 85.101.x.x (my ip) After 20 minutes automaticly deleting the block. May 26 09:58:02 linux apf(11064): {delete} deny all to/from 85.101.x.x
View Replies!
View Related
Quick APF
I`ve read this about allowing certain IPs access to the server Quote: More advanced: /etc/apf/allow_hosts.rules 10. As a safety precaution, you might want to add your ip to the '/etc/apf/allow_hosts.rules' file. Open the file in your favorite editor. 11. Add the ip of your computer to the end of the file. This will cause all traffic to and from that ip not to be filtered. You can also add the ip's of other servers. If you want to specify what kind of traffic to allow from those ips that is not covered with the current firewall rules (ie. you blocked all traffic to SSH and only want a few ips to be able to access the SSH port), then this is the format you would use: Protocol : direction/flow : source/destination port : s/d ip [tcp/udp] : [in/out] : [s=/d=]PORT : [s=/d=]IP Ex (let the ip 192.168.0.100 access to port 22): tcp:in:d=22: s=192.168.0.100 What I`d like to know is if its possible to put an IP range in there instead of just one ip address such as you specify a range in the conf.apf file upon setup eg: tcp:in:d=99_123: s=192.168.0.100 where 99_123 is the port range
View Replies!
View Related
How To Block All Other IP And Allow Certain IP Using APF
I have DDos Attack right now so I want to block all the IP from all over the world and just allow certain IP range. How to do it using APF or any other way. For example I want to block everything but Germany IP Code: 53.0.0.0/8 62.4.64.0/19 62.8.32.0/19 62.8.128.0/17 62.24.0.0/19 62.26.0.0/15 62.40.0.0/19 62.44.32.0/19 62.48.64.0/19 62.50.32.0/19 62.50.96.0/19 62.50.192.0/18 62.52.0.0/14 62.61.32.0/19 62.68.0.0/19 62.72.0.0/18 62.72.64.0/19 62.75.128.0/17 62.78.64.0/20 62.80.0.0/18 62.80.96.0/19 62.89.160.0/19 62.91.0.0/16 62.93.192.0/18 62.95.128.0/18 62.104.0.0/16 62.109.64.0/18 62.109.128.0/19 62.111.0.0/17 62.112.32.0/19 62.112.64.0/19 62.112.128.0/19 62.116.128.0/18 62.117.0.0/19 62.128.0.0/19 62.128.160.0/19 62.133.0.0/19 62.138.0.0/16 62.141.32.0/19 62.141.160.0/19 62.145.0.0/19 62.143.0.0/16 62.144.0.0/16 62.146.0.0/16 62.152.0.0/19 62.152.160.0/19 62.153.0.0/16 62.154.0.0/15 62.156.0.0/14 62.165.0.0/19 62.168.192.0/19 62.169.0.0/19 62.176.128.0/19
View Replies!
View Related
APF Correct
i install APF and RUN to Server i don`t know my APF is Coorect or no! root@server [/]# apf -t APF Status Log: Feb 01 01:57:54 server apf(11506): firewall initalized Feb 01 01:57:54 server apf(11565): {glob} default (ingress) input drop Feb 01 01:57:54 server apf(11565): {glob} default (egress) output drop what is meaning >> firewall initalized << ?
View Replies!
View Related
APF Download (rfxn Not Available)
I`m not looking for a debate on the APF, CFS or whatever firewall is better! Seems the RFXnetworks website is not available, does anyone have the latest APF floating around for a wget download? Has RFX gone for good or is this outage blip - anyone know?
View Replies!
View Related
Sudo & APF
i have a cent os 5 box with directadmin on id like the user apache to be able to run iptables or apf but every time i allow apache to run the command its fine untill you have to add the extra command to tell it to drop then it just comes up with permissions denied can any one help me with this please? i've tryed apache ALL = (root) NOPASSWD: /sbin/iptables apache ALL=(ALL) ALL and it still wont let me use apache to write to the deny rules list
View Replies!
View Related
Apf / Plesk Vps
I installed a Plesk vps and APF firewall. If apf is enabled, I cannot access Plesk. I get this error via virtuozzo panel (vzpp) If I disable apf, it works fine. Not sure what's wrong here. My settings for APF are: IFACE_IN="venet0" IFACE_OUT="venet0" SET_MONOKERN="1" IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443" IG_UDP_CPORTS="37,53,873" EGF="1" EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224" EG_UDP_CPORTS="53,873" I duplicated this problem with CSF also. Any ideas? Using Plesk 8.3 linux on a vps.
View Replies!
View Related
Apf And DDoS Deflate
A couple of days ago I was having load issues and and my host looked at my issue and added apf 0.9.6 rev2 with ddos deflate, and the load has gone down. I have a question though, when APF_BAN=1 and ban period is minutes BAN_PERIOD=1800 why does my deny.hosts have 2 day old bans?
View Replies!
View Related
Latest Version Of APF
I noticed when installing latest version of APF 0.9.6.3 over the previous version 0.9.6.2 it will import all the variable and ports settings from conf.apf and allow_hosts.rules files of the previous version. so there will be no need to edit or configure any thing any more when upgrading APF exept setting DEVEL_MODE to 0 and restart APF.
View Replies!
View Related
Apf To Block An IP Address
I have blocked this IP 125.115.144.28 /etc/apf/apf -d 125.115.144.28 But netstat -anp|grep tcp|awk '{print $5}'| cut -d : -f1 | sort | uniq -c | sort -n It still showing 202 125.115.144.28 Why? Is it supposed to blocked right away, or need some time to get blocked. When I checked /etc/apf/deny_hosts.rules The IP is in the file.
View Replies!
View Related
APF Start On Boot
I've supposedly set APF firewall to start at boot time, by doing something like: chkconfig --levels 2345 apf on However i have my reservations to weather it is actually starting, its set to block port 80, after boot if i try and access it, the connection will get refused straight away, however if i go and manually start APF then try and access again, it will take a while, like its ignoring the connection attempt (which is good). How could I check if APF is actually running?
View Replies!
View Related
Can You Wildcard Ban On APF Like: 12.34.67
I am starting to notice a range of IPs I'd rather not have access to any portion of my server's existence. Can I add them to: /etc/apf/deny_hosts.rules in this fashion: 12.34.567. (This would effectively ban anyone whose IP began with these digits, regardless of what the last bracket's # is) Possible? I'd test, but my IP does not reset so frequently and I don't want to lock myself out of the server if it ends up working.
View Replies!
View Related
DOS Attack And APF
My server is under dos attack (http) , I have installed APF firewall and ddos deflate. I configure them to work together. now if any IP with more than 100 connections is black listed by dos deflate, I can see it in apf's deny_hosts.rules file. everything seems correct, but my server still very slow. the ip which is causing that has more than 1000 request and is blacklisted.
View Replies!
View Related
Email- APF Firewall
I have installed APF on my server (Using DirectAdmin control panel and Exim ). Config below : This system open incomings ports : 21,22,37,53,80,110,143,443,465,993,995,2222,6000_7000 This system open outbound ports : 21,25,43,80,110,143,443,465,993,995,2222 But i can not send or receive email!
View Replies!
View Related
APF Accidentally Banned Someone
I've an interesting issue here. A client of mine was apparently banned from one of my servers and the problem has been narrowed down to the APF. What's odd is that he's not listed on /etc/apf/deny_hosts.rules file, nor is his IP blocked by iptables. But, as soon as the APF is enabled he can't access anything on the server! This is very random, I've been using APF for just over a year now and I've never had a problem like this. But who's to say it's not happening to others as well?
View Replies!
View Related
Adding IP Block To APF
I currently have a private server in my office which has cPanel and APF installed. The server only allows one static IP to access SSH, at the moment I'm away and don’t have a static IP on my current ISP connection so cannot access SSH. Is there a way to add say 123.456.000.000 which would allow all IP's in the 123.456 block?
View Replies!
View Related
APF Entries And CIDR
I have been trying to figure out how to allow a range of IPs with APF. I finally came across the CIDR page on wikipedia and read it though, and now I get it. I just want to confirm one thing before I implement this. I run a gameserver where I want to allow everyone in the world to connect on a certain port, so can I use this entry? Code: tcp:in:d=27015:s=192.168.0.0/0 From what I understand, using the /0 CIDR suffix basically means "all IPs". So technically I could use ANY IP address for the source with the /0 suffix and it will work right?
View Replies!
View Related
APF: Allowing By Hostnames
It's possible to allow certain IP ranges to access certain ports by adding to allow_hosts.rules, but is it possible to allow certain domain names? Eg: I want to allow all users of bell.ca to access port 41125-41130, and block all others from inbound/outbound.
View Replies!
View Related
APF,BFD VS CSF
Just been wondering regarding ABF, BFD and CSF. For More info on CSF: Click here! CSF requires APF and BFD to be Disabled. So Which one do you Suggest Regarding security Point of View. I see CSF has lot of Important things which can include IP Blacklist, Notify on SSH Logins etc.
View Replies!
View Related
APF & Virtuozzo
I installed Apf on Virtuozzo VE, which went well until I enabled it. I could not access Plesk installed on the machine, then I realized it was listening to port 8880 from the Service VE as well as 8443. Enabling 8880 in the common ports solved the problem, but I only want it blocked for everything BUT the Service VE. I looked in the manual and the section that discusses adding custom rules for aliases only has a header and does not have any description. Anyone know how to block port 8880 to the world but allow 8880 to a particular IP?
View Replies!
View Related
APF Can't Block Banned One Of The IP
Since some days I have a problem with apf: It can't BAN one of the Ip from file deny_hosts.rules. Other IP's are correctly banned. Of course in apf log are: apf(28474): {trust} deny all to/from 88.84.141.233 but this ip still have access to my server and scan my ports. I have this problem after editing internals/rab.ports (I added some ports to RAB_PSCAN_LEVEL_2). I don't know how can I fix this problem. Topic should have title: APF can't block one of the banned IP.
View Replies!
View Related
|
TRACKER
