Question about APF /etc/apf/deny_hosts.rules list file

Support for security such as Firewalls and securing linux
ZXH
Posts: 8
Joined: 2015/11/17 17:26:02

Question about APF /etc/apf/deny_hosts.rules list file

Post by ZXH » 2016/04/04 22:45:24

Hello,

I've been running APF for years with good success. One of my APF instances is running on CentOS 5.11. I have a question about the /etc/apf/deny_hosts.rules list file. I'm guessing the behavior I'm about to describe is by design but I want to make sure that something else strange isn't going on. What happened is after I added some additional lines today to said deny hosts rules list file and then restarted APF to incorporate those additional rules, the entire commented area in the file (containing the examples, etc.) was suddenly gone. All that was left were the IPs/ranges to be blocked.

So is it by design that when the list of rules within this deny hosts rules file reaches a certain length (perhaps 50 lines or so) the commented area is automatically purged? I actually tried adding that upper commented section back from another APF installation on another server, but when I executed apf -r the commented lines were gone again. It's really no big thing... unless of course it's not supposed to do that. I currently have 51 lines in the mentioned file. I can try removing lines, one-by-one, and adding the upper commented section back just to see what happens and at which point. But I wanted to ask here if anyone has knowledge of this apparent auto-truncation first.

Thanks in advance for any thoughts or comments.

TrevorH
Site Admin
Posts: 33191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Question about APF /etc/apf/deny_hosts.rules list file

Post by TrevorH » 2016/04/05 01:23:06

This "APF" is not a CentOS supplied package. You'd have to ask the authors/maintainers.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

ZXH
Posts: 8
Joined: 2015/11/17 17:26:02

Re: Question about APF /etc/apf/deny_hosts.rules list file

Post by ZXH » 2016/04/05 03:55:41

Duly noted, and I am aware of that fact, Trevor. It's just that if one searches for instances of "APF" among this CentOS community message board they will receive many returns of comments and discussions relating to APF. For this reason I thought that if my scenario were a commonly encountered behavior by APF users that someone may reply back and say so. Nonetheless, thanks for your reply :)
