[BlueOnyx:17625] Re: dFix/dFix2 problems

Greg Kuhnert gkuhnert at compassnetworks.com.au
Tue May 19 05:20:11 -05 2015 

> On 18 May 2015, at 5:29 pm, Steve Davis <thezio at gmail.com> wrote:
> 
> I asked this same question several months ago. 
> 
> Where are the allow and deny files for dfix? 
> 
> They are not in /etc/sec on my 5208R . There is no /etc/sec

dfix2 stores rules in /etc/sec

There are no user configurable rules definitions for dfix free edition

hosts.allow is used in both versions, but no subnet masks or ranges. Only individual IP addresses are recognised.

 
> -----Original Message-----
> From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-bounces at mail.blueonyx.it] On Behalf Of Chris Gebhardt - VIRTBIZ Internet
> Sent: Sunday, May 17, 2015 4:57 PM
> To: blueonyx at mail.blueonyx.it
> Subject: [BlueOnyx:17621] Re: dFix/dFix2 problems
> 
> Hi Alberto,
> 
> On 5/17/2015 1:58 PM, Alberto Paglino wrote:
>> I have problems activating SNMP on a 5208 BO server.
>> 
>> As soon as PRTG network monitor starts to check my BO server, dfix2 
>> puts the scanning host in IPtables as blocked and I can’t monitor my BO server.
>> I tried to add the ip in hosts.allow, without success. I tried also to 
>> logon using ssh into BO server from SNMP scanner, hoping in the auto 
>> white list feature, one more time without success.
> 
> dfix does not use or reference /etc/hosts.allow (at least, not to my
> knowledge) so it is logical that placing the IP into /etc/hosts.allow did not solve your trouble.
> 
>> How can I do?
> 
> I'm not a dfix user myself, but perhaps someone can weigh in on the recommended method to whitelist an IP with dfix.
> 
> I am aware of another user who received some advice last year, which is archived here:
> https://www.mail-archive.com/blueonyx@mail.blueonyx.it/msg08578.html
> 
> This portion of the post from Michael Stauber may help you:
> Usually DFIX2 uses access deny, but yours interfaces with the APF firewall to dynamically generate (and remove) blocks for offending IP addresses.
> 
> The rules for DFIX2 are located in /etc/sec/ and it logs events to /var/log/sec
> 
> So you might want to do two things:
> 
> a.) Check /var/log/sec to see which rule triggered to block you. Then you can either adjust the rule, or can see if the blocking happened for more or less good reasons.
> 
> b.) Edit /etc/apf/allow_hosts.rules and (following the examples in it) add your IP to the whitelisted IP address range.
> 
> Changes in the DFIX2 config files require DFIX2 to be restarted:
> 
> /sbin/service sec restart
> 
> Changes in the APF config files require that APF is restarted:
> 
> /sbin/service apf restart
> 
> --
> Chris Gebhardt
> VIRTBIZ Internet Services
> Access, Web Hosting, Colocation, Dedicated www.virtbiz.com | toll-free (866) 4 VIRTBIZ _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
> 
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx

More information about the Blueonyx mailing list