<div dir="ltr">Try setting <div>SET_FASTLOAD="1"</div><div>in the /etc/apf/conf.apf</div><div><br></div><div>Or skip APF and just block the IP from the command line using</div><div>/sbin/route add -host $iptoblock reject</div><div><br></div><div><br></div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Ken Marcus<div>Precision Web Hosting, LLC</div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 13, 2023 at 4:53 AM John Simpson via Blueonyx <<a href="mailto:blueonyx@mail.blueonyx.it">blueonyx@mail.blueonyx.it</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>(On 5209r)</div><div>I have noticed if I add an ip address to the APF Blacklist and press Save, the firewall is open during the save process.</div><div>There are a lot of addresses in the firewall, and it takes several seconds to process the saving of the list.</div><div>The firewall should be delaying traffic, not permitting traffic that should be blocked while the rules are activated.</div><div><br></div><div>I believe under the hood you are using iptables?</div><div>overly simplified operations should be: </div><div><br></div><div>iptables -P INPUT DROP # disable until all block rules are in place</div><div>iptables -P FORWARD DROP # disable until all block rules are in place</div><div>iptables -P OUTPUT DROP # disable until all block rules are in place<br></div><div>iptables -F # flush rules</div><div># add blocking rules for blacklist</div><div># add rule at end to permit www traffic not already blocked</div></div>
_______________________________________________<br>
Blueonyx mailing list<br>
<a href="mailto:Blueonyx@mail.blueonyx.it" target="_blank">Blueonyx@mail.blueonyx.it</a><br>
<a href="http://mail.blueonyx.it/mailman/listinfo/blueonyx" rel="noreferrer" target="_blank">http://mail.blueonyx.it/mailman/listinfo/blueonyx</a><br>
</blockquote></div>