apf firewall

I have exactly the same issue. Did you find a solution yet? anyone??

Tim -

 

APF Telnet Config

I'm wondering where you were told to edit prelog.rules and preroute.rules. I installed apf about three weeks ago and only removed port 25 from the list in conf.apf to prevent telnet access, and it worked ok.

 

That means you don't have all the requiered
kernel modules for iptables
(/lib/modules/<kernel version>kernel/net/ipv4/netfilter/)
or that your kernel doesn't have the ability to
load modules post boot.

 

I installed APF and only configured conf.apf i took out the port that telnet used, to disable access to it. My firewall seems to be running pretty nicely..... never read anywhere about editing prelog.rules and preroute.rules ... Try redoing APF installation but only edit conf.apf to set up what ports u want blocked, and what ports u want opened.. and see what happens...

 

Well this is off the topic but related. I wonder how do i make the script to log the packet for antidos use into another file instead of /var/log/messages maybe to something like /var/log/packetlog

I believe that the antidos will parse the log file slower as lots of unrelated log resides in the the file messages. So, by saperating the logfile maybe it could parse faster.

I was thinking to edit the syslog settings but im not sure whats the flag for ipchains. so this narrow down to editing the syslog or the apf itself.

 

antidos greps specifically for only the specific firewall chains then caches those logged chains and runs it' routines based on the cache file rather than always checking the log.

likewise to the point yes logging packets to there own file would be very well suited but sadly syslog tracks logs based on facilities and not content type -- so it becomes very difficult to seperate logs based on content specifics like iptables logs or otherwise. All you can really do is change the log level (facility) and set syslog to catch that level to a specific file however every log level is used by something or other so you will always end up with mixed logs.

 

I'm not really sure on chaging the settings for the syslog because i don't really understand how it works. I'll to find some pages on the net regarding this. If you could show an example this would fasten up my work.

The second thing i'm curious is the amount of policies loaded is way too many. What wonders me is, does those policies will have effect on the system resource. Maybe like parsing the packet and it gets slower since theres alot of policies to go trough before letting the daemon receive the packet. I'm just curious...