APF firewall and new IPs

Discussion in 'General Discussion' started by Kasper.S, Oct 14, 2004.

  1. Kasper.S

    Hello,

    I bought new IPs for SSL connections. I added the IPs from WHM. I restarted the APF firewall but there is no mention in the APF log about the new IPs. What do I need to do so that the IPs are covered by the APF firewall running on the server?

    - Regards, Kasper.S
     
  2. chirpy

    Try running:

    /etc/apf/vnet/vnetgen
     
  3. Kasper.S

    Thanks for the answer! I tried but nothing happened. In /etc/apf/vnet/ there are files main.vnet and vnetgen.def (and vnetgen). Those are not modified anyhow, so the IPs must be added to those files somehow?
     
  4. chirpy

    Might depend on which version of APF you are using. The latest one only requires a reload of APF to register new IP addresses in the firewall:

    apf -r

    You can then check whether it has picked up the new IP address with:

    iptables -L -n | grep 11.22.33.44

    Where 11.22.33.44 is your new IP address. If it gets some hits, it should be working OK.
     
  5. Kasper.S

    It seems that the IPs were there already. For example:

    iptables -L -n | grep 69.57.139.136
    tcp -- 69.57.139.136 0.0.0.0/0 tcp dpt:80
    tcp -- 0.0.0.0/0 69.57.139.136 tcp spt:80
    tcp -- 69.57.139.136 0.0.0.0/0 tcp dpt:25
    tcp -- 0.0.0.0/0 69.57.139.136 tcp spt:25
    tcp -- 69.57.139.136 0.0.0.0/0 tcp dpt:110
    tcp -- 0.0.0.0/0 69.57.139.136 tcp spt:110
    icmp -- 69.57.139.136 0.0.0.0/0
    icmp -- 0.0.0.0/0 69.57.139.136
    tcp -- 69.57.139.136 0.0.0.0/0
    tcp -- 0.0.0.0/0 69.57.139.136
    udp -- 69.57.139.136 0.0.0.0/0
    udp -- 0.0.0.0/0 69.57.139.136
    all -- 69.57.139.136 0.0.0.0/0
    all -- 0.0.0.0/0 69.57.139.136


    I thought that those IPs should be found in the listing when doing apf -st; only the main + DNS IPs were there.

    - Cheers, Kasper.S
     
  6. Kasper.S

    Virtual network wasn't enabled (EN_VNET="0") so now it is working.
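
Added example, not part of any post in this thread and not code from APF: a stricter form of the two checks discussed above, the EN_VNET setting and the `iptables -L -n | grep` lookup. A plain grep for an address also matches longer addresses that contain it, so the rule check compares the source and destination columns exactly. The function names and sample data are constructed; in real use, feed `vnet_enabled` the APF config file (assumed here to be /etc/apf/conf.apf) and `ip_rule_count` the output of `iptables -L -n`.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed for illustration.

# vnet_enabled: read an APF config on stdin; succeed only if the last
# EN_VNET assignment is 1 (quotes and trailing comments are ignored).
vnet_enabled() {
    awk -F= '
        $1 == "EN_VNET" { v = $2; sub(/#.*/, "", v); gsub(/[" \t]/, "", v) }
        END { exit !(v == "1") }'
}

# ip_rule_count IP: read `iptables -L -n` output on stdin and count rules
# whose source or destination column is exactly IP. Columns are located
# relative to the "--" opt field because the target column may be empty.
ip_rule_count() {
    awk -v ip="$1" '
        { for (i = 1; i < NF; i++) if ($i == "--") {
              if ($(i + 1) == ip || $(i + 2) == ip) n++
              break
          } }
        END { print n + 0 }'
}

# grep_count PATTERN: the plain regex/substring line count, for comparison.
grep_count() { grep -c "$1" || true; }

# Constructed listing using documentation addresses (192.0.2.0/24).
SAMPLE_RULES='tcp -- 192.0.2.136 0.0.0.0/0 tcp dpt:80
tcp -- 0.0.0.0/0 192.0.2.136 tcp spt:80
ACCEPT tcp -- 0.0.0.0/0 192.0.2.13 tcp dpt:443
all -- 192.0.2.13 0.0.0.0/0'

echo "exact rules for 192.0.2.13: $(printf '%s\n' "$SAMPLE_RULES" | ip_rule_count 192.0.2.13)"
echo "grep hits for 192.0.2.13:   $(printf '%s\n' "$SAMPLE_RULES" | grep_count 192.0.2.13)"
if printf 'EN_VNET="0"\n' | vnet_enabled; then
    echo "virtual network rules enabled"
else
    echo "EN_VNET is not 1: per-IP virtual network rules are disabled"
fi
```

The grep count is higher than the exact count because the lines for 192.0.2.136 also contain the string 192.0.2.13.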
     