What firewall to use?

APF is more trouble than worth!

craig1972

4:15 am on Sep 11, 2009 (gmt 0)

Hi. For the longest time I had only iptables and dos_deflate. Then I had some server attacks and my hosting company (managed dedicated) installed APF. The attacks are now gone and server is running okay, but many people are saying that they cannot access my website at all.

So I did an "apf -l" to see what rules are getting DROPped. It has several IP ranges, which I have not entered! My hosting company tells me these are default apf rules. How can I disable them, and is it advisable to disable them?

Much appreciate any tips and advice. Thanks!

maximillianos

4:30 am on Sep 12, 2009 (gmt 0)

I just had this same problem. Read my post on Bogon lists:

[webmasterworld.com...]

My APF install came with the Bogon list blocked by default. You may have an outdated block list. I run CentOS and I had to edit the following file:

reserved-networks

It contained the Bogon IP ranges which were by default blocked. By comparing it to the most recent Bogon list, you should be able to eliminate many of the blocked ranges that are now public/released.

Another idea: find out the IP addresses of the users having trouble accessing your site and make sure those ranges are unblocked as well by editing the "reserved-networks" file.

You can also dump your APF config, modify it and reload it and tell APF to save that current new configuration. That is another way to remove some of the dropped IP ranges if you don't have a file called "reserved-networks".

Hope this helps!

craig1972

4:30 am on Sep 13, 2009 (gmt 0)

Thanks a million, maxamillion! That did it!

Is there a way to automate the bogon stuff? Have a script that checks the latest released bogon stuff and then updates the apf config accordingly?

maximillianos

12:10 pm on Sep 13, 2009 (gmt 0)

See my thread posted above. I pasted some sample code that can be used to automate the process.

Glad you got it fixed!
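The check maximillianos describes (comparing the APF "reserved-networks" file against the most recent bogon list and dropping the ranges that have since been released) and the automation craig1972 asks for, as an added example that is not from this thread, from the linked post, or from APF itself. Both lists are taken as plain text, since the thread gives no download URL; the two sample lists below are constructed, and the whole script assumes the one-CIDR-per-line layout described in the thread.

```python
import ipaddress
# Constructed sample of an outdated APF reserved-networks file (one CIDR per line)
OLD_RESERVED = """\
# reserved networks shipped with APF (constructed, deliberately stale)
0.0.0.0/8
1.0.0.0/8
10.0.0.0/8
127.0.0.0/8
240.0.0.0/4
"""

# Constructed sample of the current bogon list fetched from the upstream publisher
CURRENT_BOGONS = """\
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
172.16.0.0/12
192.168.0.0/16
240.0.0.0/4
"""

def parse_cidrs(text):
    """Parse CIDR lines, skipping blanks, comments and malformed entries."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # a bad line must not abort the whole update
    return nets

def classify(old_text, current_text):
    """Split the local entries into (still_bogon, stale). An entry is kept only
    if some current bogon covers it entirely; a range that has since been
    allocated (here 1.0.0.0/8) is stale and silently drops real visitors."""
    current = parse_cidrs(current_text)
    still, stale = [], []
    for net in parse_cidrs(old_text):
        covered = any(net.version == b.version and net.subnet_of(b) for b in current)
        (still if covered else stale).append(net)
    return still, stale

def updated_file(old_text, current_text):
    """Render the cleaned reserved-networks contents for APF to reload."""
    still, _ = classify(old_text, current_text)
    return "".join(f"{n}\n" for n in still)
```

Run it from cron after fetching the current list, write the result over "reserved-networks", and restart APF; the stale list is worth logging so that a bad download (an empty or truncated bogon file) cannot silently empty the block list.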