How to install APF (Advanced Policy Firewall) Published: Jan 20, 2004
  • Rating

    4/5

Tripod Support is a highly acclaimed, global outsourcing company focused on delivering customer care solutions to web hosting companies. We had a chance to interview is Roj Niyogi, President of Tripod Support Solutions to find out more.

Tripod Support is a highly acclaimed, global outsourcing company focused on delivering customer care solutions to web hosting companies.  We had a chance to interview is Roj Niyogi, President of Tripod Support Solutions to find out more about what they can offer us.

Tripod Support Solutions
www.tripodsupport.com

What is your name and title?
Thanks for having me.  My name is Roj Niyogi.  I'm President of Tripod Support Solutions.

When did your company officially launch?
Our company officially launched December 2003.  We are a brand new company but already have a client base we wish we could publicly be proud of but can't due to non-disclosure reasons.  Most of our customers are happy with the transparency our service provides and therefore don't want their customers (or competitors) to know they are using us.  I don't blame them. :)

Tell us about Tripod Support and what you offer.
Tripod Support is an global outsourcing company focused on delivering customer care solutions to web hosting companies.  Over the past few years, global outsourcing has received mixed reviews in various industries and, most recently, in web hosting.  My personal observation, with my background in web hosting and systems administration, was that, while several companies in outsourced web hosting technical support exist, they weren't doing a good job of handling customer care for web hosting companies.  General complaints from early adopters of outsourced customer care pulled down the general sentiment towards outsourcing.  I entered the industry to turn this around because, being a born-and-raised American with Indian origin, I had the optimal balance necessary to put together American ideals with Indian work ethic in a happy, effective medium.  Though it's been an uphill battle facing the spoiled reception towards outsourced tech support, I see it as a time of opportunity and honestly believe that properly managed outsourcing under certain conditions can be fruitful for all. 

How did you get involved in web hosting industry?
My background with web hosting started in 1998 as a freelance web developer doing various web projects for local companies around the Austin area.  I spent a lot of time looking for a web hosting company that lived up to the promises of super-high uptime and quality support but was disappointed time and time again when these promises went under-delivered.  People who know me personally know that I am a extreme advocate of quality customer care in all respects – whether you are in the grocery store or getting your hair cut.  I wished to bring this to the hosting world and therefore started pgHoster, a hosting company catering to PostgreSQL database enthusiasts.  I managed pgHoster for three years and grew our niche customer base to one that was diverse and large – five-hundred customers from 40 countries.  The manpower necessary to support our clients was becoming unaffordable.  Turning to outsourced tech support companies was an option but after evaluating the handful that were out there, I didn't have the confidence necessary to proceed.  Instead, I went out and started my own as a way to supplement support for pgHoster and deliver the same for other hosting companies as well.  :)

What does your company offer over other support services like BobCares? How experienced is your staff?
Very good and popular question.  We are a new company, formed in late 2003 but have strong principles and a team-oriented staff (hard to find in areas like India) which keep us in a leading position over our competitors.  Tripod Support's mission statement is to deliver quality customer care.  How well we handle our customers (i.e. web hosting companies) is a testament and precedent for how they can expect us to handle their customers.  I do not know how BobCares or any other company operates but I can tell you how we achieve our cause: 
To deliver top-notch customer service to web hosting customers requires both excellent troubleshooting skills and effective communication skills.  Both work hand in hand.  You might be able to solve a problem but be extremely poor at letting the customer know what happened.  This doesn't work.  You might be able to write pages and pages to the customer about what might be happening on an issue but not solve it.  This definitely doesn't work.  So both are needed to produce the optimal customer care experience we think we deliver better than our competitors. 
Other outsourced tech support companies boast excellent English proficiency. My own cumbersome recruiting experience in relation to this issue makes this extremely hard to believe.  We have had to work extremely hard to get our guys typing and chatting (under pressure) just like somebody would in the US so that support seems transparent.  Queen's English (or British English) is the first giveaway that support is being outsourced – and is embarrassing to both the web hosting company and Tripod Support when caught.  So we make sure that this doesn't happen by using quality assurance methods such as employing US-based “proofers” to catch the little mistakes our tech guys can't see but are obvious to the customer. 
Finally, all our Support Engineers are RHCE-certified.  This, alone, doesn't mean anything since the real value behind a good Support Engineer is his ability to multi-task and troubleshoot effectively.  We have over forty years of combined Linux experience and are familiar with several control panel, chat, and trouble ticket softwares – all because I make sure they are well learned. With a staff of over two dozen working around the clock, there is always somebody with an answer to a hosting problem.  We have chat-handling specialists, server/security specialists, and network specialists that work in an extremely team-oriented setting to get each and every chat handled and trouble ticket solved. 

Do you provide server admin services as part of the support?
Yes.  We will do kernel upgrades/recompiles, security upgrades as suggested by Red Hat Network (RHN), datacenter-handled reboots if needed, and other server maintenance tasks as requested by our clients. 

Are you kept anonymous from my hosting customers and what type of support is offered? EG: Instant messenger, support desk, telephone
Absolutely.  All of our Support Engineers have pseudonyms that they address responses with.  In some cases, our customers have requested that we not use names either and go by a numbering system.  For example, instead of signing a trouble ticket with “Mike”, it would be signed with “Hosting Specialist #32”.  It's all up to the customer – and we sign any non-disclosure agreements our clients bring to the table.  They are enforceable too since we are an American company. Our service is transparent – customers never know they are working with Tripod Support. 
We handle support issues by Live Chat, Trouble Ticket, and E-Mail.  Most of our customers already have third-party applications for the live chat and trouble ticket system which we have no problems working with.  Some that come to mind are PHPLiveHelper, PHPLive Support, BoldChat, Stardevelop LiveHelp, LivePerson, PerlDesk, Kayako, and Support-Logic.  The fact is: using trouble ticket and chat systems isn't the challenge; responding to customers with solutions to their problems is.

How easy is it to integrate Tripod Support into my existing company and software?
We make the transition to Tripod Support as painless as possible.  In our most complex case, our longest rollout took about three weeks from gathering information about the client to delivering support to their over twenty thousand customers.  We ended up doing a pilot program using a subset of their complete customer base and, soon after, were handling 100% of their web hosting support issues.
The process is much smoother and easier for smaller companies that have only a handful of servers that they need supported.  In this case, they give us their server details (OS type, control panel, etc), a  spreadsheet of their customer data, access to their trouble ticket and live chat platforms and we are in good shape to begin offering support to their customers.  For fine-tuning, we send a questionnaire to the client asking questions like “How do we handle cancellations?” or “What if a customer complains about a server.” so that we can work more effectively.  Overall, we work extremely close with our clients during the first two weeks after launch to understand their approach to customer handling.    

What kind of security measures are taken to ensure my clients info and server info is kept safe and confidential?
Your server information is extremely sensitive – effectively a set of keys to your business.  Handing over your root passwords to anybody can instantaneously make you feel vulnerable.  What can make cause even more nail-biting is that you are giving the data to a foreign company.  What kind of legal action can you take against them should your information be compromised?  Our goal isn't to get sued but to allow you to sleep well at night without sweats and worries over where your passwords are going.  To keep your server information contained, this data is given to a specific “cluster” of Tripod Support Engineers that actively need it.  Nobody else in the organization has access to your passwords.  Prior to employment, Tripod Support Engineers sign extensive non-disclosure agreements enforceable by Indian law.  Other outsourced tech support companies tend to disseminate server data into the complete organization – an accident waiting to happen. 

How fast are your response times?
We aim to respond to and resolve all trouble tickets within 30 minutes or less.  However, our guaranteed resolution time is two hours.  Naturally, all live chats are handled within minutes of the request for chat being placed.  I've heard many complaints that to meet these limits, outsourced tech support companies tend to issue a generic “We are working on your problem.” response.  However, we do not use these extremely cheap tactic for two reasons: a) It would become blaringly obvious to the end customer that we are buying ourselves time without actually looking into the nature of the problem b) It would lower client confidence in our ability to actually solve problems swiftly.  Instead, our initial response is to shed some direct light on the problem should it require considerably more attention.   

What is your day to day role like at your company?
Day to day role is hard to say – although it has everything to do with keeping our customers delighted and their customers happy.  I'm flying back and forth between Austin an Kolkata regularly to see that things are running effectively, new recruits are being trained the way I want to, and for general meetings with my managers.  I end up toggling between life in Austin and life in Kolkata – three months in the US and then three months in the South Asian sub-continent.  I am currently in Kolkata overseeing the expansion of our new office and cultivating a emerging relationship with a large US customer. 

Do you have any final comments?
Once again, thanks very much for this interview.  I acknowledge that making a decision about whether or not to outsourcing your customer support is a difficult one that takes time and necessity.  Almost daily, there are both online and offline discussions taking place about opinions on this issue.  I sincerely hope that your readers will re-consider outsourcing in general after having glanced over my personal commitment to re-establishing its benefits.  All it needs is to be done right.  :)

What is your company’s location and contact information?
Our main offices are located in Austin, Texas.  Our customer support center is located in Kolkata (Calcutta), India.  You can reach us toll-free at 866.544.4131.  Or, if you'd like, you can reach me directly at 512.692.6297 or niyogi@tripodsupport.com.

Roj, Thank you very much for taking the time for this interview with WebHostGear.

  • Rating

    4/5

Related Articles

Comments (83)

  • Gravatar - Edward
    Edward 22:57, January 25, 2004
    This worked great, but if your kernel is compiled with iptables statically instead of as a module you need to do this in the conf.apf
    MONOKERN="0"
    Set it to "1" and then try start APF again.
  • Gravatar - chris
    chris 21:08, February 3, 2004
    the firewall should be set to 0 not 1 to be running allt eh time setting to 1 = turns off after 5 minutes ..i would fix it or you will have newbies with firewalls off everywhere
  • Gravatar - jdwh
    jdwh 17:12, February 11, 2004
    Does this work for Burst.net servers? In the past there was a thread in their forums saying it was incompatible. Maybe this was fixed?
  • Gravatar - ryan
    ryan 19:40, February 11, 2004
    great howto document and covers the current release whereas most people cover the RPM release; great job.
  • Gravatar - Steve
    Steve 04:54, February 12, 2004
    jdwh - yes it works with any Linux servers, if you have any questions about firewall ports on the network then contact your provider.
  • Gravatar - Tom
    Tom 13:26, March 22, 2004
    Don't you need to type the following so APF starts after a reboot?

    chkconfig --level 2345 apf on
  • Gravatar - ryan
    ryan 12:02, April 9, 2004
    No; chkconfig is run during installation by APF's install.sh script.
  • Gravatar - greg
    greg 23:07, April 22, 2004
    anyone know how to stop if from logging to the terminal (tty1?)
  • Gravatar - autoquartz
    autoquartz 08:17, April 24, 2004
    How about Plesk 7 Server?
  • Gravatar - BAMF
    BAMF 22:26, April 26, 2004
    Make sure to add port #3306 to IG_TCP_CPORTS if you want to remotely administer your database.
  • Gravatar - Scott
    Scott 00:17, May 11, 2004
    Im kinda a newbie at this I use 4 diff Ipadresses on my machine could someone tell me how to add in so all the ip's use the same rights. Last firewall I tried blocked all my other Ip's on all ports thanx
  • Gravatar - chris
    chris 03:52, May 14, 2004
    How do you block an Ip in APF?
  • Gravatar - Steve
    Steve 17:03, May 27, 2004
    To block and IP in APF go to /etc/apf and pico deny_hosts.conf. Scroll down and add the IP addresses you need to block, each on a separate line. Comments with more details are in the file.
  • Gravatar - Anton
    Anton 10:48, June 1, 2004
    Guys, what about ports for passive ftp?
  • Gravatar - Colin Myerscough
    Colin Myerscough 16:13, June 2, 2004
    I can not use this firewall because feeds.dshield.org does not exist and I can not get the block.txt from there. Who can help me
  • Gravatar - Tim Rice
    Tim Rice 19:55, June 7, 2004
    APF is great, except I sometimes have a hard time taking out a chain. For an example, I have the following loaded in the chain:
    32 DROP all -- 83.0.0.0/8 anywhere

    I have tried to remove this, but can't for some strange reason. Is there a file that I can edit?
  • Gravatar - Khurrum Maqbool
    Khurrum Maqbool 03:04, June 10, 2004
    I had to open port 2089 because it was having problems with the license. Apparently cpanel needs the license sync port 2089 not only for incoming but also for outgoing traffic open
  • Gravatar - Janos
    Janos 21:15, June 17, 2004
    I get an error message when I want to start APF: /usr/local/sbin/apf: line 1: ifconfig: command not found . What's wrong here?
  • Gravatar - For Janos from WHG
    For Janos from WHG 20:05, June 18, 2004
    Run: cat /etc/apf/VERSION<br />
    You should see version: 0.9.3-rev3<br />
    <br />
    Then before you run any APF commands make sure you're logged in as the root environment: su - <br />
    <br />
    Make sure you use the "-" otherwise you won't be in the environment, this is why you're getting the error message I'm fairly sure.
  • Gravatar - DJALPHA
    DJALPHA 20:01, June 20, 2004
    Which is correct? 3000_3500 or 30000_35000 ? <br />
    Please check how to thx.
  • Gravatar - reanncw
    reanncw 17:39, June 21, 2004
    i get this,<br />
    <br />
    /etc/apf/vnet/vnetgen: ip: command not found<br />
    lsmod: QM_MODULES: Function not implemented<br />
    <br />
    iptables v1.2.6a: unknown protocol `ipv6-crypt' specified<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables: No chain/target/match by that name<br />
    iptables: No chain/target/match by that name<br />
    iptables: No chain/target/match by that name<br />
  • Gravatar - Khurrum Maqbool
    Khurrum Maqbool 03:13, July 16, 2004
    Also port 873 ingress is needed for Rsync... this is needed for /scripts/easyapache
  • Gravatar - Gareth
    Gareth 13:17, August 2, 2004
    Is APF compatible with FreeBSD?
  • Gravatar - Andy
    Andy 15:57, August 11, 2004
    error as follows<br />
    <br />
    iptables v1.2.9 invalild TCP / Port Service '=21' specified<br />
    <br />
    Try `iptables -h' or 'iptables --help' for more information<br />
    <br />
  • Gravatar - Bob
    Bob 16:56, August 30, 2004
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?
  • Gravatar - Sun Joo
    Sun Joo 13:46, October 20, 2004
    After APF started, the sites are not accessed from the browser. The moment I stop APF, then sites are loaded. What am I missing ? Any clue ? Thanks.
  • Gravatar - JLchafardet
    JLchafardet 18:51, November 2, 2004
    does this tutorial have ever been tested on RHEL ES3 Plesk Reloaded based servers?
  • Gravatar - Caz
    Caz 03:41, December 18, 2004
    I get "unknown host" when doing apf -r. Anyone know why?
  • Gravatar - Mtrafox
    Mtrafox 19:28, January 21, 2005
    Hy.<br />
    After I installed APF, I have some problems.<br />
    When I get the mail from BDF, that someone atack my one of virtual IP, and I ceck with ifconfig, my virtual interface is down. Some time all of my virtual interface are down. Anyone know how to fix this ?
  • Gravatar - Randall_James
    Randall_James 13:05, January 29, 2005
    chris <br />
    How do you block an Ip in APF? <br />
    <br />
    apf -d 12.345.67.89 <br />
    ----------------------<br />
    Bob and Caz<br />
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?<br />
    <br />
    Check the deny_host.rules, there is probably a bad entry in the bottom half of file<br />
    ________________________<br />
    INSTALL NOTE:<br />
    During the final phase of install you will recieve some output to screen, this will list the current listening ports! Generally these are going to be need added to the allowed ports in the conf.apf file. Also monitored services need open ports (eg, ThePlanet) check with your datacenter for a list of these ports.<br />
    <br />
  • Gravatar - Jafar
    Jafar 08:13, February 8, 2005
    hello ,,<br />
    I have got a question ..I want your help for me please in this problem ..<br />
    <br />
    Sometime : Network error(tcp_error) A communication error occurred: "Operation timed out"<br />
    Sometime : operatio timed out<br />
    Sometime : The page cannot be displayed<br />
    Sometime : Problem Report<br />
    <br />
    Some of the tracts is not able to the entry this talk is visible to them by higher<br />
    An example ( UAE emirates . Syria . Egypt ..<br />
    <br />
    this problem From , "Fairwell APF"<br />
    <br />
    Stop the program of the protection "APF" they are able to the entry (/usr/local/sbin/apf -f"<br />
    Start,run the program of the protection "APF" They are not able to the entry (/usr/local/sbin/apf -s)<br />
    <br />
    <br />
    what's I want do on a this <br />
    By start this the problems From about 25 days .<br />
    <br />
    thanks . I hope your help
  • Gravatar - apfwannabe
    apfwannabe 01:38, April 22, 2005
    how much memory and cpu usage does APF consumes?<br />
    <br />
    i have a vps with 199mb running whm/cpanel and has average load of 75% mem and 1 cpu load.<br />
    <br />
    will apf makes the server unstable considering my current vps resources<br />
    above?<br />
  • Gravatar - Henry
    Henry 03:59, April 23, 2005
    Hello,<br />
    <br />
    I got this error during installation, please help,<br />
    <br />
    Other Details:<br />
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory<br />
    Imported options from 0.9.4-6 to 0.9.5-1.<br />
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig<br />
    root@host [~/downloads/apf-0.9.5-1]# ./install.sh<br />
    Installing APF 0.9.5-1: Completed.
  • Gravatar - need-help
    need-help 12:01, May 2, 2005
    unknow host
  • Gravatar - Matt
    Matt 19:35, June 10, 2005
    I installed this successfully but then it locked me out! It blocked all IP's and I wasn't even able to get in via SSH - what do I have to mod for this to work? I had to have my datacenter disable firewall so I could have remote access again...
  • Gravatar - Tedd
    Tedd 11:44, July 25, 2005
    I cant seem to configure this properly so that I can take it out of test mode. When running I cannot access my website.<br />
    <br />
    I using WMH with cPanel. I got it installed okay. But no matter how I configure the options, Im denied from the website.<br />
    <br />
    Any ideas?
  • Gravatar - Tapan
    Tapan 20:02, July 25, 2005
    Hi,<br />
    <br />
    When i did all i got this and its not working:<br />
    <br />
    /usr/local/sbin/apf -s<br />
    eth0: error fetching interface information: Device not found<br />
    eth0: error fetching interface information: Device not found<br />
    eth0: error fetching interface information: Device not found<br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    /etc/apf/firewall: line 1: /sbin/lsmod: No such file or directory<br />
    Unable to load iptables module (ip_tables), aborting.<br />
    <br />
    Thanks.
  • Gravatar - Ankush
    Ankush 20:35, August 16, 2005
    Please update the article to match the latest version settings of apf. The new apf has lot of new features.
  • Gravatar - Liam Glanfield
    Liam Glanfield 20:21, August 17, 2005
    This was very detailed and spot on but I think I may have done somthing wrong. I have cpanel so used there port numbers given above. When i get to the part apf -s it works ok but I get "wget comand not found, try usinf wget --help for more info..." yet if I do apf -st it says it is working?! is this normal ??
  • Gravatar - Starfinder
    Starfinder 13:01, September 6, 2005
    Matt, Are you running SSH on a port other than 22? If so, you must also allow connections to this port.
  • Gravatar - nowayout
    nowayout 11:11, December 3, 2005
    root@server1 [~/downloads]# /usr/local/sbin/apf -s<br />
    iptables v1.2.11: host/network `216-211-192-63.noviant.com' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `216-211-192-63.noviant.com' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `adsl_corporativo16760-74.etb.net.co' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `adsl_corporativo16760-74.etb.net.co' not found<br />
    Try `iptables -h' or 'iptables --help' for more information<br />
    <br />
    How I could fix that ?
  • Gravatar - Buddah
    Buddah 07:14, December 11, 2005
    Hmm, now my webpages won't load, ftp/plesk/ssh all work fine but websites won't load :-?
  • Gravatar - Fernando
    Fernando 06:43, January 24, 2006
    APF is dieing right after I call it. I don't know why. In logs I can only see:<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} loading postroute.rules<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (egress) output accept<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (ingress) input drop<br />
    Jan 24 00:42:13 nocserver apf(28488): firewall initalized<br />
    <br />
    Do you know why?
  • Gravatar - NOTSUPPORT
    NOTSUPPORT 23:23, January 30, 2006
    THIS IS NOT TECHNICAL SUPPORT. GO SEEK SUPPORT ELSEWHERE.
  • Gravatar - Cleber
    Cleber 06:53, February 12, 2006
    How to install APF in 2 or more interfaces?<br />
    <br />
    ex: eth0, eth0.1 and others
  • Gravatar - Rainer
    Rainer 22:50, February 14, 2006
    Howto config NAT (iptable) with APF?
  • Gravatar - Morons
    Morons 23:23, March 6, 2006
    this isn't a support page, go elsewhere! This is just about one of the easiest monitoring software out there.
  • Gravatar - Luis
    Luis 03:12, March 15, 2006
    If you have Cpanel be sure to also open port 26 if you have a copy of exim on that port for the clients that have isp's that block 25
  • Gravatar - enes
    enes 23:06, April 4, 2006
    when using smbmount command with APF, smbmount does not working and gives "/bin/ls: .: Stale NFS file handle" error. <br />
    <br />
    to solve this problem, use this;<br />
    <br />
    ./apf -a OTHER_SERVER_IP<br />
    ./apf -r
  • Gravatar - Fred
    Fred 07:22, May 3, 2006
    I see cpanel is spoken about as it relates to this error but I am using monsterconls would it make a different.<br />
    <br />
    lsmod: QM_MODULES: Function not implemented Unable to load iptables module (ip_tables), aborting.<br />
    <br />
    I am have DDOS and install apf but can't get to load.<br />
    <br />
    Any help would be welcomed -THANKSl
  • Gravatar - Steve
    Steve 16:51, June 5, 2006
    I get installed the apf on server but cannot control the DDOS attack.<br />
    Please let us know what to do.<br />
    I have configured everything.<br />
    The attack is now going on.
  • Gravatar - Calvin
    Calvin 18:41, June 14, 2006
    How to remove this firewall after installation ?<br />
    <br />
    Regards,<br />
    Calvin
  • Gravatar - Calvin Phan
    Calvin Phan 19:11, June 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Gravatar - Steve
    Steve 23:37, June 19, 2006
    rm -fv /etc/cron.daily/fw<br />
    chkconfig --del apf<br />
    rm -frv /etc/apf<br />
  • Gravatar - Muhammad Sajjad
    Muhammad Sajjad 15:28, June 23, 2006
    i need ur help about configuring firewall on routers. please provide me some notes or tutorials.
  • Gravatar - FD
    FD 19:56, July 8, 2006
    APF simply does not work correctly with 2.6 kernels due to module name changes and incompatibilities. You get the "Unable to load iptables module (ipt_state), aborting" message<br />
    <br />
    Setting "MONOKERN" to 1 is not a solution as it causes problems with passive FTP (amongst others) and (as mentioned in the script) is NOT supported.<br />
    <br />
    I have searched everywhere for a fix, but nothing is suitable. I have uninstalled APF and will wait for a release that addresses this issue.
  • Gravatar - M0Dy
    M0Dy 19:38, July 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Gravatar - Nemesiz
    Nemesiz 22:31, July 16, 2006
    remove /etc/apf dir. APF - its only a script to make firewall rukes, not firewall.
  • Gravatar - Fidoxd
    Fidoxd 12:12, August 5, 2006
    Is normal this log?<br />
    <br />
    ago 05 11:55:01 server2 apf(31989): flushing & zeroing chain policies<br />
    ago 05 11:55:01 server2 apf(31989): firewall offline<br />
    ago 05 12:00:03 server2 apf(32043): flushing & zeroing chain policies<br />
    ago 05 12:00:03 server2 apf(32043): firewall offline<br />
  • Gravatar - David Yasmineh
    David Yasmineh 18:53, August 10, 2006
    heres the issue....APF / BFD are really nice if you have a fixed IP that you use to access your server from. <br />
    <br />
    The thing is i get a million unauthorized login attempts a month. I read about this script called PYTHON SCRIPT which would automatically block the attacking ip address for a period of time if it failed to authorize more than 3 times for example.<br />
    <br />
    Now APF / BFD do the same?????<br />
    <br />
    Please let me know, email me<br />
    <br />
    david_yasmineh@yahoo.com<br />
    <br />
    kind of urgent for me pls.<br />
    <br />
    thnks
  • Gravatar - Daniel
    Daniel 15:33, September 2, 2006
    Hi,<br />
    <br />
    I cant start my firewall..<br />
    <br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    Unable to load iptables module (ipt_state), aborting.<br />
    <br />
    Please help..
  • Gravatar - el
    el 14:55, September 19, 2006
    i tried to install on debian ...<br />
    cp: cannot create regular file `/etc/rc.d/init.d/apf': No such file or directory<br />
    <br />
    debian doesn't have an /etc/rc.d/init.d directory. I assume that I should just edit the install script to point to /etc/init.d ?
  • Gravatar - Joe
    Joe 13:52, November 19, 2006
    APF & BFD both installed successfully and apparently working correctly except for two issues.<br />
    <br />
    1/ No email alerts are being received (I have configured as per instructions)<br />
    <br />
    2/ For AntiDOS for APF the file /var/log/apfados_log is missing.<br />
    <br />
    Finally, how do I set the time during which a brute attack is allowed before being stopped. For instance, my server was under attack for 10 minutes during which time a huge number of attempts were made before being stopped. How do I reduce this time or preferably set a number of instances (5 perhaps) before an attack is stopped.<br />
    <br />
    Thanks<br />
    <br />
    Joe
  • Gravatar - Alan
    Alan 00:31, November 23, 2006
    Antidos is intended to operate via cron. This is a critical setup point as if<br />
    not done, antidos will simply not operate.<br />
    <br />
    The following string can be placed into /etc/crontab or similar file:<br />
    */2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1<br />
    <br />
    This will run antidos every two minutes. I dont recommend running it once a<br />
    minute as it may cause a bottleneck for itself and the CPU. Likewise running it<br />
    beyound a period of once every 5 minutes is not recommended either, for obviouse<br />
    reasons.<br />
  • Gravatar - Jeff
    Jeff 18:26, December 12, 2006
    Port 37 also needs to be open on Cpanel servers. The rdate function uses 37 to connect to the time servers
  • Gravatar - Steve
    Steve 00:31, February 12, 2007
    APF Plesk Ports<br />
    <br />
    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"<br />
    IG_UDP_CPORTS="37,53,873"<br />
    <br />
    EGF="1"<br />
    EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"<br />
    EG_UDP_CPORTS="53,873"
  • Gravatar - Raptor
    Raptor 03:22, February 16, 2007
    Great How to! Worked 1st time.
  • Gravatar - Steve
    Steve 23:23, April 28, 2007
    I cant start my firewall..<br />
    <br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    Unable to load iptables module (ipt_state), aborting.<br />
    <br />
    any ideas ?
  • Gravatar - Beth
    Beth 13:31, May 1, 2007
    Has anyone gotten this to work to deny traffic from hosts that are perpetrating dictionary attacks against an FTP server? For example, several times a week, we have people running a database of usernames against our ftp servers. Sometimes, so much that my logs are 15-50 MB larger from logging the attempts. It would be great if we could stop a user at 5 attempts or so. The FTP server itself stops the user after 3 failed logins, but they go on with more from the list, so it could end up being thousands of names.<br />
    <br />
    Thanks!<br />
    Beth
  • Gravatar - binoy
    binoy 03:16, June 11, 2007
    How can I unblock an ip through apf.<br />
    <br />
    email me at binoy1983@yahoo.com
  • Gravatar - Senthil
    Senthil 04:43, July 18, 2007
    Are there any ways in adding apf in whm panel (doing all the operations in the whm panel)?.
  • Gravatar - Rich
    Rich 02:16, November 16, 2007
    Is this guide still current? I only ask because it was 3 years ago that this article was originally published. Have any instructions changed?
  • Gravatar - Shaun
    Shaun 10:52, December 12, 2007
    Works fine as of December 2007
  • Gravatar - vinyas
    vinyas 16:18, January 19, 2008
    Works super as of January 2008
  • Gravatar - Valeriu Palos
    Valeriu Palos 13:34, February 12, 2008
    This tool also runs beautifully on Ubuntu based machines (maybe even Debian) using this patch:<br />
    <br />
    http://codeblog.palos.ro/2007/09/08/apf-firewall-on-ubuntu-704/
  • Gravatar - pankaj dhingra
    pankaj dhingra 06:53, March 7, 2008
    cannot stat `/etc/apf.bk.last/vnet/*.rules': <br />
    <br />
    facing this problem while installing apf
  • Gravatar - devil2005
    devil2005 13:28, April 13, 2008
    i issue the command apf -d 192.168.1.64 . and also another ipddress for a webproxy to see if apf blocks it . but it doesnt . i have doen apf -r . and the webpage is still displayed to the blocked hosts . whats wrong
  • Gravatar - Milos
    Milos 23:20, June 8, 2008
    Starting with version 0.9.6-3 APF completely replaced Antidos with RAB (Reactive Address Blocking). So there is no more additional AntiDos cron job, everything is managed by APF and the RAB options are in conf.apf as expected.<br />
    <br />
    It would be nice that you update this tutorila. :)
  • Gravatar - Albert
    Albert 15:28, January 5, 2009
    i have some probs.. :<br />
    <br />
    root@viper [/apf-9.6-5]# ./install.sh<br />
    Installing APF 9.6-5: eth0: error fetching interface information: Device not found<br />
    Completed.<br />
    <br />
    Installation Details:<br />
    Install path: /etc/apf/<br />
    Config path: /etc/apf/conf.apf<br />
    Executable path: /usr/local/sbin/apf<br />
    <br />
    Other Details:<br />
    eth0: error fetching interface information: Device not found<br />
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory<br />
    Imported options from 9.6-5 to 9.6-5.<br />
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig<br />
    <br />
    i'm using : <br />
    <br />
    cPanel 11.24.4-R32603 - WHM 11.24.2 - X 3.9<br />
    CENTOS 5.2 i686 on virtuozzo<br />
    Ethernet Device : venet0:0
  • Gravatar - petrepaul
    petrepaul 17:39, May 7, 2009
    when i do nano /etc/apf/ad/conf.antidos <br />
    <br />
    or pico /etc/apf/ad/conf.antidos<br />
    <br />
    creates a new file? everything else installed and works fine, any suggestions?<br />
    <br />
    really need to update this information with current version apf-9.7-1 <br />
  • Gravatar - bazzii
    bazzii 16:00, June 22, 2009
    I had a problem..<br />
    <br />
    In my site RSS feeds are there.. When I stop APF it works just fine.. But when start it, the RSS feed doesn't work. I had tried to flush it,<br />
    <br />
    # service iptables stop<br />
    # iptables -F<br />
    # service iptables save<br />
    # service iptables start<br />
    <br />
    But the rules are still comin in ?... Hoe do I flush this rules ?<br />
    <br />
    Any help appreciated !!
  • Gravatar - David Yasmineh
    David Yasmineh 05:57, June 8, 2010
    waw...2006...almost 5 years later..lol and i come accross this site again...

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2019 WebHostGear.com