Thread: APF problems
-
05-17-2007, 08:41 AM #1 Web Hosting Master
- Join Date
- Apr 2005
- Location
- Tinterweb
- Posts
- 556
APF problems
I have just got an ssh issue sorted 10 minutes ago, now I have a problem with APF.
I decided to install CSF, went ok, disabled apf. Didn’t like CSF too much and didn’t have time to configure it correctly. So uninstalled csf, now APF is my main firewall, but for some reason it doesn’t want to block ports, even though I have only enabled certain ports to be allowed such as 21, 80 etc. Restarted APF, rebooted server.
If anyone has any ideas please let me know.
-
05-17-2007, 10:17 AM #2 Junior Guru
- Join Date
- Aug 2003
- Location
- Florida
- Posts
- 181
Any chance you accidentally rebooted to a different kernel without iptables? No change in the APF conf at all since your working pre-CSF install, right?
Tyler
www.AdminZoom.com
"Server Administration Done Right"
Server setup, hardening, migrations and more
-
05-17-2007, 10:31 AM #3 Web Hosting Master
- Join Date
- Apr 2005
- Location
- Tinterweb
- Posts
- 556
I only rebooted when this issue arose. IPtables is installed and working.
APF working and configured. It's just not blocking ports for some reason.
-
05-17-2007, 11:00 AM #4 Web Hosting Master
- Join Date
- May 2006
- Location
- India
- Posts
- 661
These are the possibilities I could think of:
1) Your main IP is on eth1 and you have APF configured for eth0.
2) You have multiple uncommented entries of IG_TCP_CPORTS in apf conf. Only the last entry matters.
Before that, check whether it's APF only that controls your firewall. To check that, stop your apf and list your iptables rules (iptables -L -n). If you still have non-empty rulesets listed, apf no longer has any control over the firewall. In that case, you will need to dig further.
██ SparkSupport.Com - The Premier Tech Company
██ Cloud Solutions|Email Infra setup|VOIP|Video Streaming|Software Development
██ Email: info@sparksupport.com █ Phone : 1- 408-600-1449 | Skype : shijils
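Added example (not part of any post in this thread, and not APF's own code): a shell check for possibility 2 above, listing every uncommented IG_TCP_CPORTS assignment in a conf file and reporting the last one, which is the entry that matters. The function names and the sample conf contents are constructed for illustration; the file is read as text rather than sourced, so nothing in it is executed.

```shell
#!/bin/sh
# Added example: find duplicate uncommented assignments in an APF-style conf.
# Function names are hypothetical; the sample conf below is constructed.

# Print "line:assignment" for every uncommented assignment of VAR in FILE.
apf_entries() {   # usage: apf_entries FILE VAR
    grep -nE "^[[:space:]]*$2=" "$1" || true
}

# Number of uncommented assignments; more than 1 means earlier ones are ignored.
apf_entry_count() {
    apf_entries "$1" "$2" | wc -l | tr -d ' '
}

# Value of the last assignment (the one that takes effect), without
# line number, variable name, trailing comment or surrounding quotes.
apf_effective_value() {
    apf_entries "$1" "$2" | tail -n 1 |
        sed -e 's/^[0-9]*:[^=]*=//' -e 's/[[:space:]]*#.*$//' \
            -e 's/^"//' -e 's/"$//'
}

# Demo on a constructed conf: the admin intended 21,80 but an older,
# wider entry further down the file still wins.
demo() {
    conf=$(mktemp)
    cat > "$conf" <<'EOF'
# constructed sample, not a real conf.apf
IG_TCP_CPORTS="21,80"
#IG_TCP_CPORTS="22"
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,3306"
EOF
    echo "uncommented IG_TCP_CPORTS entries: $(apf_entry_count "$conf" IG_TCP_CPORTS)"
    apf_entries "$conf" IG_TCP_CPORTS
    echo "effective value: $(apf_effective_value "$conf" IG_TCP_CPORTS)"
    rm -f "$conf"
}

demo
```

To use it on a real server, call the three functions with the path to your own APF conf file instead of the temporary sample.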
-
05-17-2007, 11:19 AM #5 Keep rockin' in the free world
- Join Date
- May 2002
- Location
- Kingston, Ontario
- Posts
- 1,588
Yep, check your iptables rules and make sure APF is actually loading the ruleset. iptables -L
-
05-17-2007, 11:27 AM #6 Web Hosting Master
- Join Date
- Apr 2005
- Location
- Tinterweb
- Posts
- 556
When I stop apf, I have an empty rule set; when I start apf the rules are loaded.
-
05-17-2007, 12:01 PM #7 Web Hosting Master
- Join Date
- Apr 2005
- Location
- Tinterweb
- Posts
- 556
Just done an APF re-install, seems to be blocking the correct ports.