[BlueOnyx:26286] Saving APF Blacklist opens firewall

John Simpson john at swajime.com
Tue Jun 13 06:47:07 -05 2023


Hi,

(On 5209r)
I have noticed if I add an ip address to the APF Blacklist and press Save,
the firewall is open during the save process.
There are a lot of addresses in the firewall, and it takes several seconds
to process the saving of the list.
The firewall should be delaying traffic, not permitting traffic that should
be blocked while the rules are activated.

I believe under the hood you are using iptables?
Overly simplified, the operations should be:

iptables -P INPUT DROP      # disable until all block rules are in place
iptables -P FORWARD DROP    # disable until all block rules are in place
iptables -P OUTPUT DROP     # disable until all block rules are in place
iptables -F                 # flush rules
# add blocking rules for blacklist
# add rule at end to permit www traffic not already blocked
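As an added illustration of how to close that window (this is example code, not BlueOnyx or APF code): instead of flushing and re-adding rules one `iptables` call at a time, generate the complete ruleset as a file and load it with `iptables-restore`, which replaces the whole `filter` table in a single commit. The kernel evaluates packets against either the old table or the new one, never a half-built one, and existing connections keep working because the table never passes through an empty state. The blacklist file path, the `BLACKLIST` chain name, the 80/443 port list, and the use of `iptables-restore --test` for a dry run are all assumptions of this example.

```shell
#!/bin/sh
# Atomic blacklist load for an iptables host. Example code, not APF/BlueOnyx code.
# Input (assumed): a text file with one IPv4 address or CIDR per line, '#' comments allowed.

# Accept only dotted-quad IPv4 with an optional /prefix. One malformed line would make
# iptables-restore reject the whole file (leaving the OLD rules in place), so validate first.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    printf '%s\n' "$1" | awk -F'[./]' '{
        for (i = 1; i <= 4; i++) if ($i > 255) exit 1
        if (NF == 5 && $5 > 32) exit 1
    }'
}

# Emit the full filter table in iptables-restore syntax. $1 = blacklist file.
# Policy is DROP, the blacklist is checked before the ESTABLISHED shortcut so that a
# newly listed address loses its open connections too, and web traffic is allowed last.
build_ruleset() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo ':BLACKLIST - [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -j BLACKLIST'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                  # strip trailing comments
        line=$(printf '%s' "$line" | tr -d ' \t')          # strip whitespace
        [ -z "$line" ] && continue
        if valid_ipv4 "$line"; then
            echo "-A BLACKLIST -s $line -j DROP"
        else
            echo "skipping invalid blacklist entry: $line" >&2
        fi
    done < "$1"
    echo '-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT'   # assumed service ports
    echo 'COMMIT'
}

# Build, dry-run, then commit. iptables-restore hands the kernel one complete table,
# so there is no interval in which the blacklist rules are absent.
apply_ruleset() {
    tmp=$(mktemp) || return 1
    build_ruleset "$1" > "$tmp" || { rm -f "$tmp"; return 1; }
    iptables-restore --test "$tmp" || { rm -f "$tmp"; return 1; }   # parse only, no commit
    iptables-restore "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (requires root): sh atomic-blacklist.sh /path/to/blacklist.txt
if [ "$#" -ge 1 ]; then
    apply_ruleset "$1"
fi
```

The poster's sequence (policy DROP, flush, re-add) also avoids letting blocked traffic through, but while the rules are being rebuilt it drops every packet, including the server's own outbound replies and established sessions, for as long as the rebuild takes. A single `iptables-restore` commit keeps the old rules live until the new ones are in place, so neither gap exists.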