[BlueOnyx:26294] Re: Saving APF Blacklist opens firewall
Hi John,

> I actually see it is even simpler than that...
> */etc/apf/apf -d 88.210.37.73 added by John*

That's correct. Just adding an IP or IP address range via "apf -d" doesn't require a full reload of APF.

--
With best regards

Michael Stauber
___
Blueonyx mailing list
Blueonyx@mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
[BlueOnyx:26293] Re: Saving APF Blacklist opens firewall
Thanks!

I actually see it is even simpler than that...
*/etc/apf/apf -d 88.210.37.73 added by John*

I'm planning to set a script to tail the access_log and run that when certain things happen, namely when someone tries to access legacy WordPress functionality or tries multiple subscriptions through the web page.

Thanks,
John

On Wed, Jun 14, 2023 at 1:36 PM Ken Marcus wrote:
> Try setting
> SET_FASTLOAD="1"
> in the /etc/apf/conf.apf
>
> Or skip APF and just block the IP from the command line using
> /sbin/route add -host $iptoblock reject
>
> Ken Marcus
> Precision Web Hosting, LLC
>
> On Tue, Jun 13, 2023 at 4:53 AM John Simpson via Blueonyx <blueonyx@mail.blueonyx.it> wrote:
>> Hi,
>>
>> (On 5209r)
>> I have noticed if I add an IP address to the APF Blacklist and press Save, the firewall is open during the save process.
>> There are a lot of addresses in the firewall, and it takes several seconds to process the saving of the list.
>> The firewall should be delaying traffic, not permitting traffic that should be blocked while the rules are activated.
>>
>> I believe under the hood you are using iptables?
>> Overly simplified operations should be:
>>
>> iptables -P INPUT DROP    # disable until all block rules are in place
>> iptables -P FORWARD DROP  # disable until all block rules are in place
>> iptables -P OUTPUT DROP   # disable until all block rules are in place
>> iptables -F               # flush rules
>> # add blocking rules for blacklist
>> # add rule at end to permit www traffic not already blocked
[BlueOnyx:26292] Re: Saving APF Blacklist opens firewall
Try setting
SET_FASTLOAD="1"
in the /etc/apf/conf.apf

Or skip APF and just block the IP from the command line using
/sbin/route add -host $iptoblock reject

Ken Marcus
Precision Web Hosting, LLC

On Tue, Jun 13, 2023 at 4:53 AM John Simpson via Blueonyx <blueonyx@mail.blueonyx.it> wrote:
> Hi,
>
> (On 5209r)
> I have noticed if I add an IP address to the APF Blacklist and press Save, the firewall is open during the save process.
> There are a lot of addresses in the firewall, and it takes several seconds to process the saving of the list.
> The firewall should be delaying traffic, not permitting traffic that should be blocked while the rules are activated.
>
> I believe under the hood you are using iptables?
> Overly simplified operations should be:
>
> iptables -P INPUT DROP    # disable until all block rules are in place
> iptables -P FORWARD DROP  # disable until all block rules are in place
> iptables -P OUTPUT DROP   # disable until all block rules are in place
> iptables -F               # flush rules
> # add blocking rules for blacklist
> # add rule at end to permit www traffic not already blocked
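One way to close the window John's original message describes, as an added example that is not APF's or BlueOnyx's own code: render the blacklist as an iptables-restore ruleset, because iptables-restore applies the whole file in one atomic commit, so the DROP policies and the blacklist rules take effect together rather than rule by rule. It assumes a blacklist file with one IP or CIDR per line (hypothetical path and format) and that only ports 80 and 443 should stay reachable.

```shell
#!/bin/sh
# Added example, not APF/BlueOnyx code: build an iptables-restore ruleset from
# a blacklist file. Loading it with "iptables-restore < rules" swaps the entire
# filter table in a single commit, so there is never a moment where the policy
# is ACCEPT and the blacklist is empty (the gap seen while APF saves the list).
# Assumed blacklist format (hypothetical): one IP or CIDR per line, trailing
# words after the address are ignored, "#" lines and blank lines are skipped.

build_ruleset() {
    blacklist="$1"
    echo '*filter'
    # Chain policies are part of the same atomic commit as the rules below:
    # unmatched inbound traffic is dropped, not accepted, from the first instant.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    # OUTPUT stays ACCEPT so the host's own replies, DNS and updates keep working;
    # John's "overly simplified" sketch dropped OUTPUT too, which would cut those off.
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Blacklist DROPs are emitted before the www ACCEPT, so a listed address is
    # rejected before it can match the service rule.
    grep -Ev '^[[:space:]]*(#|$)' "$blacklist" | while read -r ip _; do
        echo "-A INPUT -s $ip -j DROP"
    done
    echo '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT'
    echo 'COMMIT'
}

# Typical use (paths hypothetical), run as root:
#   build_ruleset /etc/apf/blacklist > /tmp/www.rules
#   iptables-restore --test < /tmp/www.rules && iptables-restore < /tmp/www.rules
```

Re-running the same two commands after editing the blacklist replaces the table atomically again, so a `tail`-driven script that appends an address and reloads never leaves the host open while the new list is parsed.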