
Apf set_fastload

Discussion in 'Security' started by bumba000, Aug 2, 2014.

  1. bumba000

    bumba000 Member

    Hello All,
    I've run a server for years now but am just really learning how to manage it. So, I've recently installed APF and have loaded a bunch of country.zone files into iptables. Between stop and start APF and then stop and start iptables I can load all new iptables deny rules into APF and it works GREAT.

    However, if APF is shut down and started again it becomes necessary to reload all rules into APF from iptables. So, I found out about this SET_FASTLOAD option. Since then I've applied SET_FASTLOAD = 1 to conf.apf. Seems to work great all day, maybe even the next day or two. There comes a time, though, sometimes hours, sometimes a day or so, where all rules are dropped from APF again, allowing a full onslaught of brute force attempts from countries up to no good.

    How in the world can I get APF and iptables to keep working together without my direct daily interaction??

    Thank You.

    PS. Sorry if I've used incorrect terminology to explain my situation.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    I don't believe APF offers an official support method for users of their application. You may want to consider using an alternative firewall such as CSF if you prefer to use something that's more integrated with cPanel/WHM and offers their own support forums.

    Thank you.
     
  3. bumba000

    Hi, thanks for the reply. So APF is the alternative. The alternative to CSF. See, I just couldn't get CSF to stop blocking legitimate traffic and SoftLayer isn't any real help with this ("it's out of their scope of support"). APF is working great other than this bi-daily purge, which has happened again. So again I've run: service apf stop, service apf start, service iptables stop and finally service iptables start. Then I can apf --list and see there are over 60K+ rules. They'll be there for a day or so, then ... gone.

    Thank you.
     
  4. cPanelMichael

    Thank you for clarifying. You are welcome to seek out feedback here, but user feedback might be limited as most of the users here use CSF for managing their iptables firewall rules.

    Thank you.
     
