[BlueOnyx:26295] Re: Saving APF Blacklist opens firewall

Taco Scargo taco at blueonyx.nl
Thu Jun 15 02:23:36 -05 2023


Isn’t that what fail2ban does?

Best regards,

Taco

> On 14 Jun 2023, at 19:48, John Simpson via Blueonyx <blueonyx at mail.blueonyx.it> wrote:
> 
> Thanks!
> 
> I actually see it is even simpler than that...
> 
> /etc/apf/apf -d 88.210.37.73 added by John
> 
> I'm planning to set a script to tail the access_log and run that when certain things happen, namely when someone tries to access legacy WordPress functionality or tries multiple subscriptions through the web page.
> 
> Thanks,
> 
> 
> John
> 
> On Wed, Jun 14, 2023 at 1:36 PM Ken Marcus <kenmarcusprecisionweb at gmail.com> wrote:
>> Try setting 
>> SET_FASTLOAD="1"
>> in the /etc/apf/conf.apf
>> 
>> Or skip APF and just block the IP from the command line using
>> /sbin/route add -host $iptoblock reject
>> 
>> 
>> 
>> Ken Marcus
>> Precision Web Hosting, LLC
>> 
>> 
>> On Tue, Jun 13, 2023 at 4:53 AM John Simpson via Blueonyx <blueonyx at mail.blueonyx.it> wrote:
>>> Hi,
>>> 
>>> (On 5209r)
>>> I have noticed if I add an IP address to the APF Blacklist and press Save, the firewall is open during the save process.
>>> There are a lot of addresses in the firewall, and it takes several seconds to process the saving of the list.
>>> The firewall should be delaying traffic, not permitting traffic that should be blocked while the rules are activated.
>>> 
>>> I believe under the hood you are using iptables?
>>> Overly simplified, the operations should be:
>>> 
>>> iptables -P INPUT DROP      # disable until all block rules are in place
>>> iptables -P FORWARD DROP    # disable until all block rules are in place
>>> iptables -P OUTPUT DROP     # disable until all block rules are in place
>>> iptables -F                 # flush rules
>>> # add blocking rules for blacklist
>>> # add rule at end to permit www traffic not already blocked
>>> _______________________________________________
>>> Blueonyx mailing list
>>> Blueonyx at mail.blueonyx.it <mailto:Blueonyx at mail.blueonyx.it>
>>> http://mail.blueonyx.it/mailman/listinfo/blueonyx
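The sequence John sketches in the original post (set the default policy to DROP, flush, add the blacklist, then allow web traffic) closes the window he describes, but it still issues one iptables call per rule. The shell script below is an added example, not code from this thread, from APF or from BlueOnyx: it builds the same ruleset from a blacklist file and emits it in iptables-restore syntax, so the kernel replaces the whole filter table in one commit and the old rules stay in force until the new ones are active. The function names (is_ipv4_cidr, build_ruleset, apply_ruleset), the blacklist file format (one IPv4 address or CIDR per line, '#' comments allowed), the choice to leave OUTPUT at ACCEPT, and the placeholder path are all assumptions. Because John plans to harvest addresses from access_log, each entry is validated before it reaches the ruleset; a malformed line is reported and skipped rather than passed to the firewall.

```shell
#!/bin/sh
# Added example (not from the thread, APF or BlueOnyx): build a complete
# filter table from a blacklist file and load it atomically with
# iptables-restore. Assumed blacklist format: one IPv4 address or CIDR per
# line; '#' comments and blank lines are ignored.

# Syntactic check of one entry: a.b.c.d or a.b.c.d/n with octets <= 255
# and prefix length <= 32. Entries taken from a web log are untrusted input
# and must not reach the ruleset unchecked.
is_ipv4_cidr() {
    printf '%s\n' "$1" | awk -F'[./]' '
        NF != 4 && NF != 5 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1
            if (NF == 5 && ($5 !~ /^[0-9]+$/ || length($5) > 2 || $5 + 0 > 32)) exit 1
            exit 0
        }'
}

# Print the whole ruleset for the blacklist file given as $1, in the
# format iptables-restore reads. Nothing here touches the live firewall.
build_ruleset() {
    blacklist="$1"
    printf '%s\n' '*filter'
    # Default policies are part of the same commit as the rules: nothing is
    # accepted unless a rule below says so. OUTPUT stays ACCEPT (assumption)
    # so the host's own outbound connections keep working.
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Blacklist entries come first, so they win over the web allow rules.
    grep -Ev '^[[:space:]]*(#|$)' "$blacklist" | while IFS= read -r entry; do
        if is_ipv4_cidr "$entry"; then
            printf '%s\n' "-A INPUT -s $entry -j DROP"
        else
            printf 'skipping malformed blacklist entry: %s\n' "$entry" >&2
        fi
    done
    # Web traffic not matched above is allowed; everything else falls
    # through to the DROP policy.
    printf '%s\n' '-A INPUT -p tcp --dport 80 -j ACCEPT'
    printf '%s\n' '-A INPUT -p tcp --dport 443 -j ACCEPT'
    printf '%s\n' 'COMMIT'
}

# Load the ruleset in one atomic table replace. Needs root and
# iptables-restore; intentionally not called at top level.
apply_ruleset() {
    build_ruleset "$1" | iptables-restore
}

# Usage with a placeholder path:
#   build_ruleset /path/to/blacklist.txt     # preview the generated table
#   apply_ruleset /path/to/blacklist.txt     # swap it in atomically
```

Running build_ruleset first and inspecting the output is the safe way to check a new blacklist; apply_ruleset only ever hands iptables-restore a complete table, so a typo in the file produces a skipped entry on stderr rather than a half-loaded firewall.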
