Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : APF rules keep reseting?!!

[best_wish]

I got on one of my dedi server apf firewall installed and it keep reseting every 24 hours?!


btw i put the devile mode to 0 and styill no help.

any idea why thi keep hapening?

btw i have cpanel 11 and centos 4 runing

[blessen]

Make sure that you dont have any cron to flush iptables rules. APF actually uses iptables to act as a firewall. So if iptables rules are flushed then apf will not be effective. So check if you have any such cron setup with the command /usr/bin/iptables or /path /iptables -F

[best_wish]

Quote:

Originally Posted by blessen

Make sure that you dont have any cron to flush iptables rules. APF actually uses iptables to act as a firewall. So if iptables rules are flushed then apf will not be effective. So check if you have any such cron setup with the command /usr/bin/iptables or /path /iptables -F

Thanks Mr. Blessen for kind reply.

but i get error on those commands.

root@ [~]# /path /iptables -F
-bash: /path: No such file or directory
root@ [~]# /usr/bin/iptables
-bash: /usr/bin/iptables: No such file or directory

[blessen]

You have to find the path to iptables....thats what i meant by /path /iptables

You can find path by executing the command " whereis iptables "

Also, if execute the command " iptables -F " it will flush all your iptables rules. I do not understand why you want to execute it. What i meant was to check your cron files to see if there is any cron which is set to flush the iptables rules on a daily basis.

[best_wish]

Quote:

Originally Posted by blessen

You have to find the path to iptables....thats what i meant by /path /iptables

You can find path by executing the command " whereis iptables "

Also, if execute the command " iptables -F " it will flush all your iptables rules. I do not understand why you want to execute it. What i meant was to check your cron files to see if there is any cron which is set to flush the iptables rules on a daily basis.

ah ok i got it.

I checked cron.daly and cron.hourly they both empty.

[david510]

Path to iptables will be /sbin/iptables. Configure the APF as seen here. It will be fine.

http://www.webhostgear.com/61.html

[best_wish]

hi mr. David

I done exactly the same on my other server it works fine. but on this one not.

it was working some months ago fine.

I add today some ips to be blocked and the next day the deny_hosts.rules is empty!

[david510]

Check the apf log file to see if the firewall is getting flushed.

grep flushing /var/log/apf_log*

[best_wish]

yeh i get such a output.

/var/log/apf_log:Nov 14 08:15:54 sms apf(27433): {glob} flushing & zeroing chain
policies
/var/log/apf_log:Nov 14 08:16:37 sms apf(29386): {glob} flushing & zeroing chain
policies
/var/log/apf_log:Nov 15 00:00:01 sms apf(10711): {glob} flushing & zeroing chain
policies
/var/log/apf_log:Nov 15 00:00:02 sms apf(10949): {glob} flushing & zeroing chain
policies
/var/log/apf_log:Nov 15 04:02:07 sms apf(25556): {glob} flushing & zeroing chain
policies

[david510]

check for the crons that runs at the same time.

[best_wish]

Quote:

Originally Posted by david510

check for the crons that runs at the same time.

sorry but where to check them as i checked in etc/cron.daily they were empty.

[-Edward-]

crontab -e

[best_wish]

here is what i see in crontab

0 0 * * * echo '' > /etc/apf/deny_hosts.rules;/etc/apf/apf -f;/etc/apf/apf -r;/$

shoould i delete that line?

[arbet]

Make sure that your APF config settings are not in development mode.

Code:

open /etc/apf/conf.apf, 
change the DEVEL_MODE="1" to DEVEL_MODE="0"

This will stop flushing your firewall.

Code:

apf -r

to restart your firewall, it should work.

[best_wish]

Quote:

Originally Posted by arbet

Make sure that your APF config settings are not in development mode.

Code:

open /etc/apf/conf.apf, 
change the DEVEL_MODE="1" to DEVEL_MODE="0"

This will stop flushing your firewall.

Code:

apf -r

to restart your firewall, it should work.

no its not in dev mod as i mantioned in my first post.