[BlueOnyx:26293] Re: Saving APF Blacklist opens firewall

John Simpson john at swajime.com
Wed Jun 14 12:48:34 -05 2023


Thanks!

I actually see it is even simpler than that...

*/etc/apf/apf -d 88.210.37.73 added by John*


I'm planning to set up a script to tail the access_log and run that when
certain things happen, namely when someone tries to access legacy WordPress
functionality or tries multiple subscriptions through the web page.

Thanks,


John

On Wed, Jun 14, 2023 at 1:36 PM Ken Marcus <kenmarcusprecisionweb at gmail.com>
wrote:

> Try setting
> SET_FASTLOAD="1"
> in the /etc/apf/conf.apf
>
> Or skip APF and just block the IP from the command line using
> /sbin/route add -host $iptoblock reject
>
>
>
> Ken Marcus
> Precision Web Hosting, LLC
>
>
> On Tue, Jun 13, 2023 at 4:53 AM John Simpson via Blueonyx <
> blueonyx at mail.blueonyx.it> wrote:
>
>> Hi,
>>
>> (On 5209r)
>> I have noticed if I add an IP address to the APF Blacklist and press
>> Save, the firewall is open during the save process.
>> There are a lot of addresses in the firewall, and it takes several
>> seconds to process the saving of the list.
>> The firewall should be delaying traffic, not permitting traffic that
>> should be blocked while the rules are activated.
>>
>> I believe under the hood you are using iptables?
>> Overly simplified, the operations should be:
>>
>> iptables -P INPUT DROP      # disable until all block rules are in place
>> iptables -P FORWARD DROP    # disable until all block rules are in place
>> iptables -P OUTPUT DROP     # disable until all block rules are in place
>> iptables -F                 # flush rules
>> # add blocking rules for blacklist
>> # add rule at end to permit www traffic not already blocked
>> _______________________________________________
>> Blueonyx mailing list
>> Blueonyx at mail.blueonyx.it
>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
>>
>
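The log watcher John says he is planning, sketched as an added example that is not part of this thread or of BlueOnyx/APF: it counts requests per client IP whose path matches a pattern in an Apache combined-format access_log and hands repeat offenders to the same `/etc/apf/apf -d IP comment` command John quotes above. The URL pattern, the threshold, the allowlist, the log path and the sample log lines are all assumptions; the script is dry-run by default (it prints the apf command instead of executing it) and refuses to block allowlisted addresses so an automated rule cannot lock the administrator out.

```shell
#!/bin/sh
# Added example (not from the thread, not APF's own code): block clients that
# repeatedly request a URL pattern, using "apf -d" as quoted in the thread.
# PATTERN, ALLOWLIST, the threshold and the log path are hypothetical defaults.

# Request paths that count as abuse (ERE, matched against the path field).
PATTERN="${PATTERN:-xmlrpc\.php|wp-login\.php}"
# Addresses that must never be blocked, so the watcher cannot lock us out.
ALLOWLIST="${ALLOWLIST:-127.0.0.1 ::1}"
# DRY_RUN=1 prints the apf command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

# Constructed sample log lines (Apache combined format, RFC 5737 test addresses).
# 192.0.2.10 makes four matching requests, 198.51.100.7 only one.
SAMPLE_LOG='192.0.2.10 - - [14/Jun/2023:12:00:01 -0500] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "curl/7.88"
192.0.2.10 - - [14/Jun/2023:12:00:02 -0500] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "curl/7.88"
198.51.100.7 - - [14/Jun/2023:12:00:02 -0500] "GET /index.php HTTP/1.1" 200 9021 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Jun/2023:12:00:03 -0500] "POST /wp-login.php HTTP/1.1" 200 2201 "-" "curl/7.88"
198.51.100.7 - - [14/Jun/2023:12:00:04 -0500] "POST /wp-login.php HTTP/1.1" 200 2201 "-" "Mozilla/5.0"
192.0.2.10 - - [14/Jun/2023:12:00:05 -0500] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "curl/7.88"'

# is_allowed IP: succeeds when IP is on the allowlist.
is_allowed() {
    for a in $ALLOWLIST; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# offenders THRESHOLD: read log lines on stdin; print every client IP (field 1)
# whose request path (field 7) matched PATTERN at least THRESHOLD times.
# PATTERN is passed through the environment so awk does not mangle backslashes.
offenders() {
    PATTERN="$PATTERN" awk -v t="${1:-5}" '
        $7 ~ ENVIRON["PATTERN"] { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= t) print ip }
    ' | sort
}

# block_ip IP REASON: deny IP via APF, or print the command under DRY_RUN.
block_ip() {
    if is_allowed "$1"; then
        printf 'skipping allowlisted %s\n' "$1" >&2
        return 0
    fi
    if [ "$DRY_RUN" = "1" ]; then
        printf '/etc/apf/apf -d %s %s\n' "$1" "$2"
    else
        /etc/apf/apf -d "$1" "$2"
    fi
}

# demo_offenders: run offenders over the constructed sample at threshold 3.
demo_offenders() {
    printf '%s\n' "$SAMPLE_LOG" | offenders 3
}

# watch_log LOGFILE THRESHOLD: follow the live log and block each offender
# exactly once, at the moment its count reaches THRESHOLD. fflush() keeps
# awk from buffering the IP inside the pipe.
watch_log() {
    tail -F "${1:-/var/log/httpd/access_log}" |
    PATTERN="$PATTERN" awk -v t="${2:-5}" '
        $7 ~ ENVIRON["PATTERN"] && ++hits[$1] == t { print $1; fflush() }
    ' |
    while IFS= read -r ip; do
        block_ip "$ip" "auto-blocked by log watcher"
    done
}

# Batch mode: "sh watcher.sh /path/to/access_log [threshold]" scans a whole
# file once (dry run unless DRY_RUN=0). Use watch_log for the live tail.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    offenders "${2:-5}" < "$1" | while IFS= read -r ip; do
        block_ip "$ip" "added by log scan"
    done
fi
```

Each automated `apf -d` triggers the same rule reload John reported at the top of the thread, so once blocking is automated the reload behaviour (and Ken's `SET_FASTLOAD` suggestion) matters more, not less; keeping the threshold high enough that one address is only blocked once avoids reloading the rule set on every matching request.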