[BlueOnyx:24554] Re: APF Firewall deletes Whitelist entry
Michael Stauber
mstauber at blueonyx.it
Fri Dec 4 11:01:27 -05 2020
Hi Meaulnes,

> • how come an entry in Allow Host Rules isn't permanent and can get
> ignored?
>
> • how can I find out which device behind this router using that
> offending IP is abusing the output flow rating? E-mail clients usually
> list in their outgoing mails the app name and the platform, can I read
> such data in some APF log?

Entries in the APF Allow Host Rules are permanent and I don't know how
these could get lost.

However, there is a rare race-time issue where Fail2ban might order an
IP to be blocked and APF will erroneously block it even if the IP has
been whitelisted. Like I said: This is rare, but I have seen it happen. :-/

If you have Fail2ban, then you might want to go to "Server Management" /
"Security" / "Fail2ban" and add the whitelisted IP(s) to "Ignore IP's".
That will make sure Fail2ban doesn't blacklist them at all.

As for logfiles: /var/log/messages and /var/log/fail2ban.log might shed
some light on what happened. Just grep these for the IP in question to
see how, why and when this happened.

--
With best regards
Michael Stauber
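
Added example (not part of the original message, and not BlueOnyx code): one way to do the log search suggested above so that 203.0.113.7 does not also match 203.0.113.70, plus a per-jail Found/Ban/Unban timeline. The function names, the documentation IP and the sample log lines are constructed; the fail2ban line layout is assumed to be the default one.

```bash
#!/bin/bash
# Print every line in the given files that mentions exactly this IP.
grep_ip() {
    ip=$1; shift
    # Escape the dots, then require that the address is not part of a longer one.
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    grep -HE "(^|[^0-9.])${pat}(\.?([^0-9.]|\$))" "$@"
}

# Timeline of fail2ban decisions for one IP: "date time [jail] action".
f2b_events() {
    ip=$1; shift
    awk -v ip="$ip" '{
        for (i = 2; i < NF; i++)
            if (($i == "Found" || $i == "Ban" || $i == "Unban") && $(i+1) == ip)
                print $1, $2, $(i-1), $i
    }' "$@"
}

# Constructed sample logs, written into the directory given as $1.
make_sample_logs() {
    cat > "$1/fail2ban.log" <<'EOF'
2020-12-04 10:57:50,001 fail2ban.filter [1234]: INFO [postfix-sasl] Found 203.0.113.7 - 2020-12-04 10:57:49
2020-12-04 10:58:12,345 fail2ban.actions [1234]: NOTICE [postfix-sasl] Ban 203.0.113.7
2020-12-04 10:58:13,000 fail2ban.actions [1234]: NOTICE [sshd] Ban 203.0.113.70
2020-12-04 11:08:12,400 fail2ban.actions [1234]: NOTICE [postfix-sasl] Unban 203.0.113.7
EOF
    cat > "$1/messages" <<'EOF'
Dec  4 10:58:12 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=25
Dec  4 10:58:13 host kernel: IN=eth0 OUT= SRC=203.0.113.70 DST=198.51.100.2 PROTO=TCP DPT=22
EOF
}

# Demo on the constructed logs; on a real server pass
# /var/log/messages and /var/log/fail2ban.log instead.
demo_dir=$(mktemp -d) && make_sample_logs "$demo_dir"
grep_ip 203.0.113.7 "$demo_dir/messages" "$demo_dir/fail2ban.log"
f2b_events 203.0.113.7 "$demo_dir/fail2ban.log"
```

A Ban line for a whitelisted address in the second output, with a matching kernel drop in the first, is the pattern to look for when checking whether the race described above occurred.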