

APF start on boot?




Posted by Chris Drew, 08-19-2008, 07:14 AM
Hi everyone,

I've supposedly set APF firewall to start at boot time, by doing something like:

    chkconfig --levels 2345 apf on

However, I have my reservations as to whether it is actually starting. It's set to block port 80; after boot, if I try and access it, the connection will get refused straight away. However, if I go and manually start APF and then try and access again, it will take a while, like it's ignoring the connection attempt (which is good).

How could I check if APF is actually running?

Thanks, Chris.

Posted by eger, 08-19-2008, 09:58 AM
APF is just a script that loads rules into iptables. You can check if iptables is being loaded with the correct rules by doing:

    iptables -L --numeric

Is it possible you have apf starting and then also starting the default iptables script? Run:

    chkconfig --list iptables

Usually I will disable the iptables script when I install APF to be sure that only the APF rules are the ones loaded.

Posted by Chris Drew, 08-19-2008, 02:25 PM
Hi eger, thanks for your reply. I checked iptables, and it isn't set to start. I also checked the iptables rules, before and after manually starting APF. It looks like the APF rules aren't being applied automatically. What could I do to correct this?

Thanks, Chris.

Posted by david510, 08-19-2008, 04:16 PM
iptables need not be set to on for apf to start. You should find why iptables rules are not showing up when apf starts. Is there any error you are seeing when you start apf?

Posted by Chris Drew, 08-19-2008, 04:47 PM
There are no errors when I start APF by going service apf start. I'm not sure about at boot, how could I check?

Posted by ~ServerPoint~, 08-19-2008, 06:46 PM
Run the command iptables -L after rebooting the server and check whether the rules added are there. Also check /var/log/messages for any errors at the time of booting.

Posted by david510, 08-19-2008, 06:47 PM
Have you made the testing mode to 0 (disabled) in the apf configuration file?

    # When set to enabled; 5 minute cronjob is set to flush the firewall; set
    # this mode off (0) when firewall determined to be operating as desired.
    #Set firewall dev cronjob
    # 1 = enabled / 0 = disabled
    DEVM="1"

Posted by david510, 08-19-2008, 06:49 PM
He has said that iptables rules are listing, but not the rules of apf.

Posted by Chris Drew, 08-20-2008, 07:44 AM
Thanks for your replies. Yes David, Dev mode is off, I'm really getting stuck with this. Just to point out, I'm running CentOS 5.2, x64 with xen kernel; somebody said that it might be an issue with this?

ServerPoint, I'll check the messages now and post my findings, cheers.

EDIT: Ok, I can't see anything wrong in var/log/messages. I've checked the APF log too, and after a boot, it ends with: Suggesting that the firewall is being initialized at boot. Again, I checked iptables and the rules had not been loaded. I ran "service apf start", and checked iptables again; as usual, it then had loaded the rules. The APF log also ended the same way, "firewall initalized". I have no clue what's going on. Could somebody shed some light on this?

Thanks, Chris.

Last edited by Chris Drew; 08-20-2008 at 07:56 AM.

Posted by Chris Drew, 08-20-2008, 08:38 AM
Ok, after no success and some advice I've just added "service apf start" to rc.local. Not the best solution, but it seems to work.
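
The checks suggested in this thread (list the rules with iptables -L --numeric, confirm DEVM is 0), combined into one script as an added example; it is not code from any poster or from the APF project. The sample ruleset and configuration text are constructed, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: decide after boot whether firewall rules are really loaded.
# All sample inputs are constructed; they are not output from the poster's server.

# Count rule lines in `iptables -L --numeric` output read from stdin.
# Chain headers, the "target prot ..." column header and blank lines are not rules.
count_rules() {
    awk 'NF > 0 && $1 != "Chain" && !($1 == "target" && $2 == "prot") { n++ }
         END { print n + 0 }'
}

# Print the DEVM value from APF configuration text read from stdin.
# Commented-out assignments are ignored; the last live assignment wins.
devm_value() {
    sed -n 's/^[[:space:]]*DEVM="\{0,1\}\([01]\)"\{0,1\}.*/\1/p' | tail -n 1
}

# Verdict from a rule count ($1) and a DEVM value ($2).
verdict() {
    if [ "$1" -eq 0 ]; then
        echo "NOT_LOADED"        # only empty built-in chains: nothing is filtered
    elif [ "$2" = "1" ]; then
        echo "LOADED_DEV_MODE"   # rules present, but the 5 minute cron job flushes them
    else
        echo "LOADED"
    fi
}

# Constructed sample: an empty ruleset, as seen when no rules were applied at boot.
EMPTY_RULESET='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Constructed sample: a ruleset with one rule blocking port 80.
LOADED_RULESET='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80'

# Constructed sample: config excerpt with a commented default and the live value.
SAMPLE_CONF='# 1 = enabled / 0 = disabled
#DEVM="1"
DEVM="0"'

echo "empty:  $(verdict "$(echo "$EMPTY_RULESET" | count_rules)" "$(echo "$SAMPLE_CONF" | devm_value)")"
echo "loaded: $(verdict "$(echo "$LOADED_RULESET" | count_rules)" "$(echo "$SAMPLE_CONF" | devm_value)")"
```

On a live server, pipe `iptables -L --numeric` into count_rules and the APF configuration file into devm_value straight after a reboot, before starting APF by hand.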


