DavidR

Well-Known Member
Feb 25, 2003
177
0
166
I'm using a Virtuozzo VPS which appears to be unable to run APF. Does anyone know if BFD will work without APF? I know that on my old system with both installed, BFD used APF to ban the IPs from attacks. My host installed a firewall script but even if I find out how to add IPs to it, does anyone have experience altering that behavior with BFD? I would greatly appreciate any feedback. I've posted on rfxnetworks.com but it's pretty quiet over there.

Failing anything else, are there any decent replacements available for BFD? Thanks! :D

David
 

dezignguy

Well-Known Member
Sep 26, 2004
533
0
166
BFD would be useless without APF to actually block the 'bad' IPs. It is just a shell script though, so if you know or can learn the scripting language, it shouldn't be too difficult to modify how it adds the IP to the APF firewall, so you should be able to get it to work with your firewall, if your firewall supports adding IPs to block in the same way that APF/iptables works.
 

chirpy

Well-Known Member
Verified Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Actually, it's very simple to configure BFD without APF (I do it for people with VPSes all the time). You just need to modify /usr/local/bfd/conf.bfd and set BCMD to something that your server can deal with:

1. Stick the IP address in /etc/hosts.deny using the example command:

BCMD="echo ALL:$ATT_HOST >> /etc/hosts.deny"

2. Stick it directly into iptables (but will be lost on reboot):

BCMD="iptables -I INPUT -p tcp -s $ATT_HOST -j DROP"
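
Added example, not part of the post above or of BFD itself: a small helper that BCMD could call instead of the bare echo in option 1. It checks that the value really is an IPv4 address and skips addresses already listed before appending to /etc/hosts.deny. The script path /usr/local/sbin/bfd-block.sh and the DENY_FILE override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helper for BFD's BCMD (not part of BFD).
# DENY_FILE defaults to /etc/hosts.deny; override it to try this out safely.
DENY_FILE="${DENY_FILE:-/etc/hosts.deny}"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; safe, only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append "ALL:<ip>" (the format used in option 1) at most once.
# Returns 2 for input that is not an IPv4 address, 0 otherwise.
block_ip() {
    ip=$1
    if ! is_ipv4 "$ip"; then
        echo "refusing invalid address: $ip" >&2
        return 2
    fi
    # -x matches the whole line, -F treats the dots literally.
    if grep -qxF "ALL:$ip" "$DENY_FILE" 2>/dev/null; then
        return 0       # already listed, keep the file free of duplicates
    fi
    printf 'ALL:%s\n' "$ip" >> "$DENY_FILE"
}

# When run as a script, block the address given as the first argument.
if [ "$#" -gt 0 ]; then
    block_ip "$1"
fi
```

With the script saved at that hypothetical path, the config line would read BCMD="/usr/local/sbin/bfd-block.sh $ATT_HOST".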
 

dezignguy

Neat... that seems pretty handy... I hadn't taken a close look at BFD in a while and forgot that it had the block command in the config file so it wasn't necessary to modify the script itself.
 

DavidR

I should be able to handle that. Since I assume the BFD/APF combination blocks them permanently, I will use solution #1 to do the same. Thanks!

David
 

casey

Well-Known Member
Jan 17, 2003
2,288
0
191
Does anybody know of a good firewall to use with VPS servers? Or DavidR, would your host object to you sharing the script they used?
 

DavidR

If you are using a UML (User Mode Linux) based VPS, you can install APF and set the "MONOKERN=1" in its config. If using Virtuozzo, APF doesn't work. I will ask my host if there is any problem posting theirs for Virtuozzo VPS.

David