deltaned said:
Hi,
When I start APF with /usr/local/sbin/apf -st I see "firewall initalized".
But after 5 min the firewall will be offline after the 5 min flush.
COPY LOGFILE:
APF Status Log:
jan 02 08:25:03 feyenoord apf(23833): firewall offline
jan 02 08:25:01 feyenoord apf(23833): flushing & zeroing chain policies
jan 02 08:20:01 feyenoord apf(23617): firewall offline
jan 02 08:20:01 feyenoord apf(23617): flushing & zeroing chain policies
jan 02 08:19:25 feyenoord apf(23049): firewall initalized
jan 02 08:19:25 feyenoord apf(23099): default (ingress) input drop
jan 02 08:19:25 feyenoord apf(23099): default (egress) output accept
jan 02 08:19:25 feyenoord apf(23099): opening inbound icmp type 8 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound icmp type 30 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound icmp type 0 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound icmp type 11 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound icmp type 5 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound icmp type 3 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound udp port 53 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 6000:7000 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 3306 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 2222 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 143 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 110 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 443 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 80 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 53 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 25 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 22 on 0/0
jan 02 08:19:25 feyenoord apf(23099): opening inbound tcp port 21 on 0/0
jan 02 08:19:25 feyenoord apf(23099): loading main.rules
jan 02 08:19:25 feyenoord apf(23099): virtual net subsystem disabled.
jan 02 08:19:25 feyenoord apf(23099): loading log.rules
jan 02 08:19:24 feyenoord apf(23099): loading ds_hosts.rules
jan 02 08:19:24 feyenoord apf(23099): loading bt.rules
jan 02 08:19:24 feyenoord apf(23099): loading preroute.rules
jan 02 08:19:24 feyenoord apf(23099): setting sysctl_syn enabled.
jan 02 08:19:24 feyenoord apf(23099): setting sysctl_tcp enabled.
jan 02 08:19:24 feyenoord apf(23099): loading sysctl.rules
jan 02 08:19:24 feyenoord apf(23099): determined (OUT_IF) eth0 has address 217.148.168.67
jan 02 08:19:24 feyenoord apf(23099): determined (IN_IF) eth0 has address xxx.xxx.xxx.xxx (my IP)
jan 02 08:19:24 feyenoord apf(23099): development mode enabled!; firewall will flush every 5 minutes.
jan 02 08:19:24 feyenoord apf(23049): parsing block.txt into /etc/apf/ds_hosts.rules
jan 02 08:19:24 feyenoord apf(23049): downloading http://feeds.dshield.org/block.txt
jan 02 08:19:24 feyenoord apf(23049): activating firewall
jan 02 08:19:20 feyenoord apf(23022): status log not found, created
Any tips to get APF working?

# Set firewall cronjob (devel mode)
# 1 = enabled / 0 = disabled
DEVEL_MODE="0"
Make sure it is disabled.
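
A check for the condition discussed in this thread, as an added example that is not part of either post and not APF's own code: it reads the effective DEVEL_MODE value from a config file and counts the "firewall offline" entries in a status log that carries the development-mode notice. The function names, the file paths passed in and the sample input are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: check an APF config file and status log for development mode.

# Print the effective DEVEL_MODE value; the last uncommented assignment wins.
apf_devel_mode() {
    mode=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}      # trim leading whitespace
        case $line in
            DEVEL_MODE=*)
                val=${line#DEVEL_MODE=}
                val=${val%%#*}                      # drop trailing comment
                mode=$(printf '%s' "$val" | tr -d "\"' \t") ;;
        esac
    done < "$1"
    printf '%s\n' "$mode"
}

# Count "firewall offline" entries, but only if the log carries the devel notice.
apf_log_flushes() {
    grep -q 'development mode enabled' "$1" || { echo 0; return 0; }
    grep -c 'firewall offline' "$1" || true
}

# $1 = config file, $2 = status log. Prints one FAIL/WARN/OK line.
apf_audit() {
    if [ "$(apf_devel_mode "$1")" = "1" ]; then
        echo "FAIL: DEVEL_MODE is 1, the rules are flushed every 5 minutes"
    elif [ "$(apf_log_flushes "$2")" -gt 0 ]; then
        echo "WARN: DEVEL_MODE is off, but the log has devel-mode flushes; confirm they predate the change"
    else
        echo "OK: DEVEL_MODE is off and the log shows no devel-mode flushes"
    fi
}

# Constructed sample input, modelled on the log in the post (hypothetical host).
tmp=$(mktemp -d)
printf '%s\n' '# 1 = enabled / 0 = disabled' 'DEVEL_MODE="1"' > "$tmp/conf.apf"
cat > "$tmp/apf_log" <<'EOF'
jan 02 08:19:24 host apf(23099): development mode enabled!; firewall will flush every 5 minutes.
jan 02 08:20:01 host apf(23617): firewall offline
jan 02 08:25:03 host apf(23833): firewall offline
EOF
apf_audit "$tmp/conf.apf" "$tmp/apf_log"
```

On a real host, call apf_audit with the actual config and log paths in place of the constructed files.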