Setting up APF on a VPS

Discussion in 'General Discussion' started by micko, Jan 25, 2006.

  1. virtuoso

    virtuoso Kilo Poster

    Messages:
    46
    What about this?
     
  2. madsere

    madsere Tera Poster

    Messages:
    352
    Yes, what about it? Looks like a statement, not a question. Besides, please don't hijack my thread, start a new one :)
     
  3. madsere

    madsere Tera Poster

    Messages:
    352
    Fenster, did you see my reply?

    Any ideas?
     
  4. madsere

    madsere Tera Poster

    Messages:
    352
    The only difference I can see is that the original entry is "broken", i.e. the IPTABLES_MODULES entry goes over two lines:

    # IPTABLES_MODULES="ip_tables ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle
    # ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

    Note there are no backslashes at the end of the first line to indicate the line continues.

    I merged the whole line into one in my entry.

    Is that the problem?
     
  5. fenster

    fenster Tera Poster

    Messages:
    429
    I think yes, extra linebreak could be the problem. I will fix an example in FAQ to make sure it does not have incorrect linebreaks.

    Thanks for that.
     
  6. madsere

    madsere Tera Poster

    Messages:
    352
    Actually if you copy/paste from the FAQ you get 3 or 4 linebreaks.

    If you look at the original /etc/sysconfig/iptables-config the IPTABLES_MODULES entry breaks over two lines.

    I would assume it should be one long line, that's how I entered it on my server BUT it DOES NOT WORK :)
     
  7. fenster

    fenster Tera Poster

    Messages:
    429
    It would be perfect if you submit a ticket with server access and PM the ticket number to me. I would like to take a look at it :)

    Thanks
     
  8. madsere

    madsere Tera Poster

    Messages:
    352
    Sorry but that would be too complicated - particularly as this really ought to be very very simple.

    If you could just double check your faq entry at http://faq.swsoft.com/article_130_875_en.html and confirm that everything is correct.

    Note the line in /etc/sysconfig/vz: is broken.

    Any other bugs in the FAQ?
     
  9. barmaley

    barmaley Mega Poster

    Messages:
    233
    Extra linebreak does not matter in iptables-config; this file is just sourced from /etc/rc.d/init.d/iptables and is used as

    ---
    for mod in $IPTABLES_MODULES; do
        echo -n "$mod "
        modprobe $mod > /dev/null 2>&1
        let ret+=$?;
    done
    ---

    I prefer to define this variable as

    IPTABLES_MODULES="ip_tables
    ipt_REJECT
    ipt_tos
    ipt_limit
    ipt_multiport
    iptable_filter
    iptable_mangle
    ipt_TCPMSS
    ipt_tcpmss
    ipt_ttl
    ipt_length
    ipt_REDIRECT
    ipt_TOS
    ip_conntrack
    ip_conntrack_ftp
    ipt_LOG
    ipt_conntrack
    ipt_state
    iptable_nat"

    for better readability and have no problems with it.

    This might also be true for /etc/sysconfig/vz but I am not 100% sure.
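
Added example, not part of the post above or of the init script: it sources three constructed config files and runs the same unquoted `for mod in $IPTABLES_MODULES` loop, printing each word where the init script would call `modprobe`. `list_modules` and the sample files are hypothetical; the third sample goes beyond the thread to show one way a two-line entry can still go wrong, when a `#` is left on the continuation line of a half-uncommented entry.

```shell
#!/bin/sh
# list_modules (hypothetical helper): source a config file the way the init
# script does and print one word per line instead of calling modprobe.
list_modules() {
    (
        IPTABLES_MODULES=""
        . "$1"
        # Unquoted on purpose: the shell splits on spaces AND newlines.
        for mod in $IPTABLES_MODULES; do
            printf '%s\n' "$mod"
        done
    )
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample 1: the whole value on one line.
cat > "$demo_dir/one-line" <<'EOF'
IPTABLES_MODULES="ip_tables ipt_REJECT ipt_tos ipt_limit"
EOF

# Constructed sample 2: same modules, line breaks inside the quotes.
cat > "$demo_dir/multi-line" <<'EOF'
IPTABLES_MODULES="ip_tables ipt_REJECT
ipt_tos
ipt_limit"
EOF

# Constructed sample 3: first line uncommented, "# " left on the second.
# Inside double quotes "#" is not a comment, so it becomes a module name.
cat > "$demo_dir/stray-hash" <<'EOF'
IPTABLES_MODULES="ip_tables ipt_REJECT
# ipt_tos ipt_limit"
EOF

for f in one-line multi-line stray-hash; do
    printf '%-11s %s\n' "$f:" "$(list_modules "$demo_dir/$f" | tr '\n' ' ')"
done
```

The first two files produce the same four words; the third produces five, one of which is a literal `#` that `modprobe` would fail on silently because its output is redirected to /dev/null.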
     
  10. madsere

    madsere Tera Poster

    Messages:
    352
    Ok that actually explains my problem.

    iptables was not enabled on this server (as in chkconfig --list iptables came up blank).

    I believe it was removed because it kept resetting my (manual) iptables entries. I'll have to check that again.

    Note to fenster: Maybe worth noting in the FAQ entry that iptables has to be enabled in chkconfig for this FAQ to work.
     
  11. net64

    net64 Kilo Poster

    Messages:
    17
    HELP...APF problem w/ xinetd

    Forgive me as I am a newbie so my knowledge and lingo will improve as I learn...

    I installed APF and it is working to ban IP from the /var/log/messages but I am getting a huge amount of messages in /var/log/secure:

    xinetd [30500]: START: smtp pid=28493 from:(various IP's)

    This is happening every few seconds and I want to know what I can do to stop it?

    Thanks in advance...
    Newbie
     
  12. madsere

    madsere Tera Poster

    Messages:
    352
    @Newbie: Those messages are information that some people try to connect to your SMTP server - mostly spammers looking for an open relay.
     
  13. net64

    net64 Kilo Poster

    Messages:
    17
    I kind of figured that, but the question is what can I do about it...

    Or do I just ignore it?

    It doesn't seem to be affecting my resources currently.

    Thanks
     
  14. madsere

    madsere Tera Poster

    Messages:
    352
    You could read through your logfile and block each IP one by one - but it would be a lot of work and a never ending story. I think most people just mainly ignore it.
     
  15. manokiss

    manokiss Kilo Poster

    Messages:
    33
    Do we need to do this in v3.0 to install APF in each VE, or has something changed?

    Thanx!
     
  16. faris

    faris Guru

    Messages:
    934
    Do you mean make the adjustments mentioned in the knowledgebase/howto? If so then yes - there is no change to what you need to do in v 3.0

    Faris.
     
  17. raghavraaz

    raghavraaz Bit Poster

    Messages:
    1
    Thanks a lot for the blog post. Much thanks again. Great.
     
