ispCP - Board - Support
APF firewall AND ISPCP_NETWORK problems - Printable Version




APF firewall AND ISPCP_NETWORK problems - prale - 08-09-2008 01:38 AM

Hello, I use APF firewall with DDOS Deflate.
They say it's the best out there, but I have a little conflict with ISPCP_NETWORK.

The stats, rootkithunter etc. won't work after 06.00u every day.
I have to restart ISPCP_NETWORK to get them working again.

I found out that if I do:
/etc/init.d/apf restart
It flushes all iptables, and ispcp_network doesn't recreate them.

So I checked the cron for APF:
*/10 * * * * root /etc/apf/apf --refresh >> /dev/null 2>&1 &

I don't know if this is the right cronjob (I can't see a relation to 06:00u), but I want to try restarting ISPCP_NETWORK after this line.

I'm a noob with cron, can someone tell me how I can add this command?

Thanks!


RE: APF firewall AND ISPCP_NETWORK problems - prale - 08-09-2008 01:57 AM

Hmmmz this cron runs every 10 minutes, and is generated from the apf config.
So I can't edit it manually since it's overwritten every time APF restarts.

I also found this in the config:

# The fast load feature makes use of the iptables-save/restore facilities to do
# a snapshot save of the current firewall rules on an APF stop then when APF is
# instructed to start again it will restore the snapshot. This feature allows
# APF to load hundreds of rules back into the firewall without the need to
# regenerate every firewall entry.
# Note: a) if system uptime is below 5 minutes, the snapshot is expired
# b) if snapshot age exceeds 12 hours, the snapshot is expired
# c) if conf or a .rule has changed since last load, snapshot is expired
# d) if it is your first run of APF since install, snapshot is generated
# - an expired snapshot means APF will do a full start rule-by-rule
SET_FASTLOAD="0"

But if I enable this, the snapshot can still expire.

Another possibility is to edit ISPCP_NETWORK to check for the needed IPTABLES.
If not, it must only restart once.

Any ideas?

Thanx again.


RE: APF firewall AND ISPCP_NETWORK problems - prale - 08-18-2008 10:48 PM

Nobody?
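
An added example, not part of the thread and not ispCP or APF code: a cron-driven check for the idea in the second post (restart ispcp_network only when its iptables chains are gone), scheduled from a separate cron file as asked in the first post. The chain names ISPCP_INPUT and ISPCP_OUTPUT, the init script path and the script's install path are assumptions; compare them with what `iptables -S` shows on a working system.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names (adjust to your system):
CHAINS="${CHAINS:-ISPCP_INPUT ISPCP_OUTPUT}"   # assumed ispCP chain names
INIT="${INIT:-/etc/init.d/ispcp_network}"      # assumed init script path

# chains_missing RULES CHAIN...
# RULES is text in `iptables -S` format. A chain counts as present only when it
# is declared (-N) and at least one rule jumps to it (-j). Prints the names of
# the chains that fail either check, space separated.
chains_missing() {
    rules=$1; shift
    missing=""
    for c in "$@"; do
        if ! printf '%s\n' "$rules" | grep -Eq -- "^-N $c\$" ||
           ! printf '%s\n' "$rules" | grep -Eq -- " -j $c( |\$)"; then
            missing="$missing $c"
        fi
    done
    printf '%s' "${missing# }"
}

# Constructed sample: a rule set after a flush, with no ispCP chains left.
SAMPLE_FLUSHED='-P INPUT DROP
-N OTHER_CHAIN
-A INPUT -j OTHER_CHAIN'

case "${1:-}" in
  --run)   # real check, needs root
    missing=$(chains_missing "$(iptables -S)" $CHAINS)
    if [ -n "$missing" ]; then
        logger -t ispcp-watch "missing chains: $missing; restarting ispcp_network"
        "$INIT" restart
    fi ;;
  --demo)  # offline run against the constructed sample
    echo "missing: $(chains_missing "$SAMPLE_FLUSHED" $CHAINS)" ;;
esac

# Schedule it from its own file so APF's generated cron entry is not touched,
# e.g. /etc/cron.d/ispcp-chain-watch (hypothetical install path for the script),
# offset two minutes from APF's */10 refresh:
#   2-59/10 * * * * root /usr/local/sbin/ispcp-chain-watch.sh --run >/dev/null 2>&1
```

Because the restart happens only when a chain is undeclared or unhooked, a normal run is a no-op and the syslog line records each time a flush removed the chains.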