Results 1 to 8 of 8
Thread: APF Firewall - Problem Starting
-
08-07-2004, 11:41 AM #1Disabled
- Join Date
- Apr 2001
- Posts
- 184
APF Firewall - Problem Starting
Hi. I have installed the APF firewall on a RH Linux 9 box with Cpanel and Apache 1.3.31.
When I try to start it, I get this error.
root@ns [~]# service apf start
Starting APF:/usr/local/sbin/apf: $IPTLOG: ambiguous redirect
/usr/local/sbin/apf: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
..........
And I have to stop the command via <ctrl> c
What could be the source of this problem? I cannot seem to be able to find the $IPTLOG variable.
-
08-07-2004, 02:56 PM #2Disabled
- Join Date
- Apr 2001
- Posts
- 184
Strange this is, this firewall used to work fine until recently. I do not know what has changed to affect this.
-
08-07-2004, 06:33 PM #3Aspiring Evangelist
- Join Date
- Jun 2003
- Location
- Toronto, Ontario, Canada
- Posts
- 441
Check your conf.apf for errors and/or missing lines?
-
08-07-2004, 07:00 PM #4Retired Moderator
- Join Date
- Jan 2003
- Posts
- 9,049
What version of APF?
••• Like us on Facebook to qualify for discounts! •••
••• http://www.sprintserve.net •••
••• Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting | •••
••• Services: | Managed Multiple Cores 64bit Servers | Server Management | •••
-
08-07-2004, 07:14 PM #5Disabled
- Join Date
- Apr 2001
- Posts
- 184
Originally posted by sprintserve
What version of APF?
-
08-07-2004, 07:18 PM #6Disabled
- Join Date
- Apr 2001
- Posts
- 184
I did find the $iptlog variable.... Here is the code from /etc/apf/internals/function.apf
I see the $iptlog variable in the last line of the code below
You know, the only thing I did in the past weeks is I used "./scripts/securetmp" (CPanel server) to secure the /tmp directory on this server. Surely that has not interfered with this firewall?
========== CODE function.apf =============
##
echo "Inserted into firewall: Allow all to/from $HOST"
fi
else
echo "an FQDN or IP address is required for this option"
fi
}
d_cli_tr() {
HOST=$1
if [ ! "$HOST" == "" ]; then
val=`cat /etc/apf/deny_hosts.rules | grep -w $HOST`
if [ ! "$val" == "" ]; then
echo "$HOST already exists in trust system"
else
echo "$HOST" >> /etc/apf/deny_hosts.rules
$IPT -I INPUT -s $HOST -i $IF -j $DSTOP
$IPT -I OUTPUT -d $HOST -o $IF -j $DSTOP
eout "(insert) deny all to/from $HOST"
echo "Inserted into firewall: Deny all to/from $HOST"
fi
else
echo "an FQDN or IP address is required for this option"
fi
}
flush() {
if [ ! "$1" = "1" ]; then
eout "flushing & zeroing chain policies"
fi
chains=`cat /proc/net/ip_tables_names 2>/dev/null`
for i in $chains; do $IPT -t $i -F; done
for i in $chains; do $IPT -t $i -X; done
$IPT -P INPUT ACCEPT
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD ACCEPT
if [ ! "$1" = "1" ]; then
eout "firewall offline"
fi
}
list() {
echo "Loading chain rules..."
:> /tmp/ipt.chains ; chmod 600 /tmp/ipt.chains
$IPT --line-numbers --list >> /tmp/ipt.chains
echo "Opening editor"
/usr/bin/pico -w /tmp/ipt.chains
clear
rm -f /tmp/ipt.chains
}
status() {
echo "$NAME Status Log:"
tac $IPTLOG | more
}
==============================
-
08-08-2004, 02:37 AM #7Temporarily Suspended
- Join Date
- Jun 2004
- Posts
- 216
Try to do the follownig
service apf restart
If you have run /scripts/securetmp while having the firewall running. It may be a smart thing to restart APF.
-
08-08-2004, 11:35 AM #8Disabled
- Join Date
- Apr 2001
- Posts
- 184
Originally posted by BitOMagic
Try to do the follownig
service apf restart
If you have run /scripts/securetmp while having the firewall running. It may be a smart thing to restart APF.
root@ns [~]# service apf restart
Stopping APF:/etc/init.d/apf: $IPTLOG: ambiguous redirect
/etc/init.d/apf: $IPTLOG: ambiguous redirect
[ OK ]
Starting APF:/usr/local/sbin/apf: $IPTLOG: ambiguous redirect
/usr/local/sbin/apf: $IPTLOG: ambiguous redirect
/usr/local/sbin/apf: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect
/etc/apf/firewall: $IPTLOG: ambiguous redirect