[BlueOnyx:24551] APF Firewall deletes Whitelist entry

Meaulnes Legler @ MailList bluelist at waveweb.ch
Thu Dec 3 16:02:14 -05 2020


hello

this has already happened a couple of times: the router IP of a customer got blacklisted by the APF Firewall for an unknown reason, no new iPhone configuration nor new mailer setup, the users just using standard Internet activities like chat, e-mail or browsing.

after a routing reset, the new IP got blacklisted again after a while. I deleted that IP from the Deny Host Rules and added it to the whitelist Allow Host Rules, the users could surf again.

not a week went by and the same IP got _again_ blacklisted — the weird thing is that the IP entry disappeared from the whitelist, meaning somehow: «you may NOT allow this IP, it's just too evil» :-)

• how come an entry in Allow Host Rules isn't permanent and can get ignored?

• how can I find out which device behind this router using that offending IP is abusing the output flow rating? E-mail clients usually list in their outgoing mails the app name and the platform, can I read such data in some APF log?

thank you and best regards

で⊃ Meaulnes Legler
Zurich, Switzerland
+41¦0 44 260-1660





