bumba000

Member
Aug 2, 2014
9
0
1
cPanel Access Level
Root Administrator
Hello All,
I've run a server for years now but am just really learning how to manage it. So, I've recently installed APF and have loaded a bunch of country.zone files into iptables. Between stop and start APF and then stop and start iptables I can load all new iptables deny rules into APF and it works GREAT.

However, if APF is shut down and started again it becomes necessary to reload all rules into APF from iptables. So, I found out about this SET_FASTLOAD option. Since then I've applied to conf.apf SET_FASTLOAD = 1. Seems to work great all day, maybe even the next day or two. There comes a time though, sometimes hours, sometimes a day or so... where all rules are dropped from APF again, allowing a full onslaught of brute force attempts from countries up to no good.

How in the world can I get APF and iptables to keep working together without my direct daily interaction??

Thank You.

PS. Sorry if I've used incorrect terminology to explain my situation.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,880
2,261
463
Hello :)

I don't believe APF offers an official support method for users of their application. You may want to consider using an alternative firewall such as CSF if you prefer to use something that's more integrated with cPanel/WHM and offers their own support forums.

Thank you.
 

bumba000

Hi, thanks for the reply. So APF is the alternative. The alternative to CSF. See, I just couldn't get CSF to stop blocking legitimate traffic and SoftLayer isn't any real help with this ("it's out of their scope of support"). APF is working great other than this bi-daily purge which has happened again. So again I've: -> service apf stop, service apf start, service iptables stop and finally service iptables start. Then I can apf --list and see there are over 60K+ rules. They'll be there for a day or so, then .... gone.

Thank you.
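
The symptom described in this thread (deny rules present after a restart, gone a day or so later) can be caught automatically instead of by noticing the brute force attempts. The script below is an added example, not code from any poster or from APF: it counts DROP/REJECT rules in `iptables -S` output and alerts when the count falls below a baseline. The `--live` flag, the `fw-watch` log tag, the `MIN_DROP_RULES` variable with its default, and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: detect when the firewall's deny rules silently disappear.
# Assumptions: rules are read in `iptables -S` format; the baseline count
# (MIN_DROP_RULES) is chosen by the admin. Sample rules below are constructed.

# Print how many appended rules on stdin jump to DROP or REJECT.
count_drop_rules() {
    awk '$1 == "-A" {
        for (i = 2; i < NF; i++)
            if ($i == "-j" && ($(i + 1) == "DROP" || $(i + 1) == "REJECT")) { n++; break }
    } END { print n + 0 }'
}

# check_ruleset MIN: succeed only if stdin holds at least MIN deny rules.
check_ruleset() {
    min=$1
    have=$(count_drop_rules)
    if [ "$have" -lt "$min" ]; then
        echo "ALERT: $have deny rules loaded, expected at least $min" >&2
        return 1
    fi
    echo "OK: $have deny rules loaded"
}

sample_loaded() {   # constructed: deny rules present (documentation IP ranges)
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.0.2.0/24 -j DROP
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -s 203.0.113.0/24 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

sample_purged() {   # constructed: the same host after the deny rules vanished
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Live use, e.g. from cron as root: sh fw-watch.sh --live
if [ "${1:-}" = "--live" ]; then
    iptables -S | check_ruleset "${MIN_DROP_RULES:-1000}" ||
        logger -t fw-watch "deny rules missing from iptables"
fi
```

The timestamp of the first alert in syslog narrows down what ran at the moment the rules were lost, which is the piece of information missing from the description above.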
 

cPanelMichael

Thank you for clarifying. You are welcome to seek out feedback here, but user-feedback might be limited as most of the users here use CSF for managing their iptables firewall rules.

Thank you.