  1. #1

    APF Firewall - Problem Starting

    Hi. I have installed the APF firewall on a RH Linux 9 box with Cpanel and Apache 1.3.31.

    When I try to start it, I get this error.

    root@ns [~]# service apf start
    Starting APF:/usr/local/sbin/apf: $IPTLOG: ambiguous redirect
    /usr/local/sbin/apf: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    ..........

    And I have to stop the command via <ctrl> c

    What could be the source of this problem? I cannot seem to be able to find the $IPTLOG variable.

  2. #2
    Strange thing is, this firewall used to work fine until recently. I do not know what has changed to affect this.

  3. #3
    Check your conf.apf for errors and/or missing lines?

  4. #4
    What version of APF?

  5. #5
    Originally posted by sprintserve
    What version of APF?
    Version 0.9.3

  6. #6
    I did find the $iptlog variable.... Here is the code from /etc/apf/internals/function.apf

    I see the $iptlog variable in the last line of the code below

    You know, the only thing I did in the past weeks is I used "./scripts/securetmp" (CPanel server) to secure the /tmp directory on this server. Surely that has not interfered with this firewall?

    ========== CODE function.apf =============
    ##
                echo "Inserted into firewall: Allow all to/from $HOST"
            fi
        else
            echo "an FQDN or IP address is required for this option"
        fi
    }

    d_cli_tr() {
        HOST=$1
        if [ ! "$HOST" == "" ]; then
            val=`cat /etc/apf/deny_hosts.rules | grep -w $HOST`
            if [ ! "$val" == "" ]; then
                echo "$HOST already exists in trust system"
            else
                echo "$HOST" >> /etc/apf/deny_hosts.rules
                $IPT -I INPUT -s $HOST -i $IF -j $DSTOP
                $IPT -I OUTPUT -d $HOST -o $IF -j $DSTOP
                eout "(insert) deny all to/from $HOST"
                echo "Inserted into firewall: Deny all to/from $HOST"
            fi
        else
            echo "an FQDN or IP address is required for this option"
        fi
    }

    flush() {
        if [ ! "$1" = "1" ]; then
            eout "flushing & zeroing chain policies"
        fi
        chains=`cat /proc/net/ip_tables_names 2>/dev/null`
        for i in $chains; do $IPT -t $i -F; done
        for i in $chains; do $IPT -t $i -X; done
        $IPT -P INPUT ACCEPT
        $IPT -P OUTPUT ACCEPT
        $IPT -P FORWARD ACCEPT
        if [ ! "$1" = "1" ]; then
            eout "firewall offline"
        fi
    }

    list() {
        echo "Loading chain rules..."
        :> /tmp/ipt.chains ; chmod 600 /tmp/ipt.chains
        $IPT --line-numbers --list >> /tmp/ipt.chains
        echo "Opening editor"
        /usr/bin/pico -w /tmp/ipt.chains
        clear
        rm -f /tmp/ipt.chains
    }

    status() {
        echo "$NAME Status Log:"
        tac $IPTLOG | more
    }

    ==============================

  7. #7
    Try to do the following

    service apf restart

    If you have run /scripts/securetmp while having the firewall running, it may be a smart thing to restart APF.

  8. #8
    Originally posted by BitOMagic
    Try to do the following

    service apf restart

    If you have run /scripts/securetmp while having the firewall running, it may be a smart thing to restart APF.
    Right. I have restarted apf. That's when I noticed that the error happens....


    root@ns [~]# service apf restart
    Stopping APF:/etc/init.d/apf: $IPTLOG: ambiguous redirect
    /etc/init.d/apf: $IPTLOG: ambiguous redirect
    [ OK ]
    Starting APF:/usr/local/sbin/apf: $IPTLOG: ambiguous redirect
    /usr/local/sbin/apf: $IPTLOG: ambiguous redirect
    /usr/local/sbin/apf: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
    /etc/apf/firewall: $IPTLOG: ambiguous redirect
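
Added example, not written by any poster in this thread and not APF's own code: bash prints `ambiguous redirect` when an unquoted redirect target such as `>> $IPTLOG` expands to no word at all or to more than one word. The sketch below assumes the config file is a shell fragment of variable assignments; the function names, sample files and sample values are hypothetical.

```shell
#!/bin/bash
# classify_redirect_var CONF VAR
# Sources CONF in a subshell (the caller's environment is untouched) and prints
# what an unquoted ">> $VAR" would see: unset, empty, multi-word or ok.
# Returns 0 only for "ok". Sourcing executes CONF, as the firewall script would.
classify_redirect_var() {
    _conf=$1 _var=$2 _rc=0
    case $_conf in */*) ;; *) _conf=./$_conf ;; esac   # keep "." from searching PATH
    [ -r "$_conf" ] || { echo "unreadable"; return 2; }
    _out=$(
        unset "$_var"                  # ignore a value inherited from the caller
        . "$_conf" >/dev/null 2>&1
        eval "_set=\${$_var+yes}; _val=\${$_var-}"
        [ -n "$_set" ] || { echo "unset"; exit 1; }
        set -f                         # count words only; globbing is not modelled
        set -- $_val                   # default-IFS word splitting, as in the redirect
        if [ "$#" -eq 0 ]; then echo "empty"; exit 1
        elif [ "$#" -gt 1 ]; then echo "multi-word"; exit 1
        fi
        echo "ok"
    ) || _rc=$?
    echo "${_out:-config-error}"       # no output means the subshell died in CONF
    return "$_rc"
}

# unquoted_redirects FILE VAR
# Prints "line:text" for each line of FILE that redirects to an unquoted $VAR.
unquoted_redirects() {
    grep -nE '>>?[[:space:]]*\$\{?'"$2"'\}?([^A-Za-z0-9_]|$)' "$1"
}

# Demo on constructed files (not the poster's real configuration).
demo=$(mktemp -d)
printf 'IFACE="eth0"\n' > "$demo/conf.sample"          # IPTLOG line is missing
printf 'echo "fw start" >> $IPTLOG\n' > "$demo/fw.sample"
echo "IPTLOG is: $(classify_redirect_var "$demo/conf.sample" IPTLOG)"
unquoted_redirects "$demo/fw.sample" IPTLOG
rm -rf "$demo"
```

Any result other than `ok` for the variable named in the error means every unquoted redirect listed by the second function will fail the same way.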
