Hi Meaulnes, > • how comes an entry in Allow Host Rules isn't permanent and can get > ignored? > > • how can I find out which device behind this router using that > offending IP is abusing the output flow rating? E-mail clients usually > list in their outgoing mails the app name and the platform, can I read > such data in some APF log?
Entries in the APF Allow Host Rules are permanent and I don't know how these could get lost. However, there is a rare race-time issue where Fail2ban might order an IP to be blocked and APF will erroneously block it even if the IP has been whitelisted. Like said: This is rare, but I have seen it happen. :-/ If you have Fail2ban, then you might want to go to "Server Management" / "Security" / "Fail2ban" and add the whitelisted IP(s) to "Ignore IP's". That will make sure Fail2ban doesn't blacklist them at all. As for logfiles: /var/log/messages and /var/log/fail2ban.log might shed some light on what happened. Just grep these for the IP in question to see how, why and when this happened. -- With best regards Michael Stauber _______________________________________________ Blueonyx mailing list Blueonyx@mail.blueonyx.it http://mail.blueonyx.it/mailman/listinfo/blueonyx