Current time: 11-26-2024, 04:52 AM Hello There, Guest! (LoginRegister)


Post Reply 
APF firewall AND ISPCP_NETWORK problems
Author Message
prale Offline
Junior Member
*

Posts: 92
Joined: Feb 2008
Reputation: 1
Post: #1
APF firewall AND ISPCP_NETWORK problems
Hello, I use APF firewall with DDOS Deflate.
They say it the best out there, but I have a little conflict with ISPCP_NETWORK.

The stats, rootkithunter etc wont work after 06.00u every day.
I have to restart ISPCP_NETWORK to get them working again.

I found out that if I do:
/etc/init.d/apf restart
It flushes all iptables, and ispcp_network doesn't recreate them.

So I checked the cron for APF:
*/10 * * * * root /etc/apf/apf --refresh >> /dev/null 2>&1 &

I don't know if this is the right cronjob (I can't see a relation to 06:00u), but I want to try restart ISPCP_NETWORK after this line.

I'm a noob with cron, can someone tell me how I can add this command?

Thanks!
08-09-2008 01:38 AM
Find all posts by this user Quote this message in a reply
prale Offline
Junior Member
*

Posts: 92
Joined: Feb 2008
Reputation: 1
Post: #2
RE: APF firewall AND ISPCP_NETWORK problems
Hmmmz this cron runs every 10minutes, and is generated from the apf config.
So I can't edit it manually since it's overwritten every time. APF restarts.

I also found this in the config:

# The fast load feature makes use of the iptables-save/restore facilities to do
# a snapshot save of the current firewall rules on an APF stop then when APF is
# instructed to start again it will restore the snapshot. This feature allows
# APF to load hundreds of rules back into the firewall without the need to
# regenerate every firewall entry.
# Note: a) if system uptime is below 5 minutes, the snapshot is expired
# b) if snapshot age exceeds 12 hours, the snapshot is expired
# c) if conf or a .rule has changed since last load, snapshot is expired
# d) if it is your first run of APF since install, snapshot is generated
# - an expired snapshot means APF will do a full start rule-by-rule
SET_FASTLOAD="0"

But if I enable this, the snapshot can still expire.

Another possibility is to edit ISPCP_NETWORK to check for the needed IPTABLES.
If not, it must only restart once.

Any ideas?

Thanx again.
(This post was last modified: 08-09-2008 01:59 AM by prale.)
08-09-2008 01:57 AM
Find all posts by this user Quote this message in a reply
prale Offline
Junior Member
*

Posts: 92
Joined: Feb 2008
Reputation: 1
Post: #3
RE: APF firewall AND ISPCP_NETWORK problems
Nobody?
08-18-2008 10:48 PM
Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)