Apf & Bfd



bdk
01-01-2006, 07:20 PM
Advanced Policy Firewall (APF) (http://www.rfxnetworks.net/apf.php)
Brute Force Detection (BFD) (http://www.rfxnetworks.net/bfd.php)

Has anyone gotten these working under Debian?

I downloaded both and tried to configure them over a period of a couple of days but to no avail.

I can see the BFD cron job runs every 10 minutes but never picks anything up.

I had to adjust the log file that it was looking for for authentication info from /var/log/secure (rh & slackware method) to /var/log/auth.log (debian). Not knowing if pattern.auth in BFD is case sensitive I added 'Illegal user', but it still never picked up on anything in my auth.log.

There were other changes that I made in hopes that BFD would react to my log files. It never did.

With APF I was able to ping flood my server and see that it was working to limit the inbound ICMP packages to 30/sec and that when I manually added myself to its deny files it would block me. Like with BFD I couldn't get APF to generate an email or take defensive action.

The author doesn't have a timeline on a Debian port for this, but I think that with some other Debian SysAdmin's help we can get this to work.

-bdk
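
A way to test the log-matching question raised in the post above, as an added example that is not part of the original thread and does not use BFD's own rule files or syntax. The log lines are constructed samples in the old OpenSSH syslog style, and the function names are hypothetical; the script only shows how a case-sensitive and a case-insensitive match differ on such lines and which source addresses cross a threshold.

```shell
#!/bin/sh
# Added example: check whether a candidate pattern matches anything in a
# Debian-style auth log before wiring it into a detection tool.

# Constructed sample lines (documentation addresses, not from a real host).
sample_log() {
cat <<'EOF'
Jan  1 19:01:12 host sshd[2101]: Illegal user admin from 192.0.2.10
Jan  1 19:01:15 host sshd[2103]: Failed password for illegal user admin from 192.0.2.10 port 4021 ssh2
Jan  1 19:01:19 host sshd[2107]: Failed password for root from 192.0.2.10 port 4022 ssh2
Jan  1 19:02:40 host sshd[2110]: Illegal user test from 198.51.100.7
Jan  1 19:03:02 host sshd[2114]: Accepted password for bdk from 203.0.113.5 port 4100 ssh2
EOF
}

# count_matches PATTERN [-i]
# Reads log lines on stdin and prints how many match PATTERN.
# Pass -i as the second argument for a case-insensitive match.
count_matches() {
    # grep -c exits non-zero on zero matches; keep the printed 0.
    grep -c ${2:+"$2"} -e "$1" || true
}

# offenders PATTERN THRESHOLD
# Reads log lines on stdin and prints each source IP that appears in at
# least THRESHOLD lines matching PATTERN (extended regex, case-insensitive).
offenders() {
    grep -i -E -e "$1" |
    sed -n 's/.* from \([0-9][0-9.]*\).*/\1/p' |
    sort | uniq -c |
    awk -v t="$2" '$1 >= t { print $2 }'
}

# Demo on the constructed sample. For a real host, redirect the log in:
#   count_matches 'Illegal user' < /var/log/auth.log
echo "case-sensitive 'Illegal user':   $(sample_log | count_matches 'Illegal user')"
echo "case-insensitive 'Illegal user': $(sample_log | count_matches 'Illegal user' -i)"
echo "IPs with 3+ failures:            $(sample_log | offenders 'illegal user|failed password' 3)"
```

If the case-sensitive count on the real log is 0 while the case-insensitive one is not, the pattern's capitalisation is the mismatch; if both are 0, the log path or the message wording is.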

rndinit0
01-26-2006, 07:25 AM
/etc/init.d/apf: line 8: /etc/rc.d/init.d/functions:

Well from what I gather apf likes to use /etc/rc.d/init.d/* instead of /etc/init.d/

Would be nice to see someone post a Debian specific tutorial for apf and bfd

You might wanna go with this in the mean time:


Originally posted by chatwizrd
http://denyhosts.sourceforge.net

Also you might want to view this thread on EV1 Servers Forum (http://forum.ev1servers.net/showthread.php?p=357975#post357975)

I've also taken the liberty of asking for more details (http://forum.ev1servers.net/showpost.php?p=375425&postcount=1137) as to how this could be done.

payman
04-02-2006, 02:44 PM
Here's the APF installation process for Debian:
1) wget http://www.r-fx.ca/downloads/apf-current.tar.gz
2) tar -xzf apf-current.tar.gz
3) cd apf-0.9.6-1/ (or whatever version is the current)
4) ./install.sh
5) cp apf.init /etc/init.d/apf
6) update-rc.d apf defaults

Don't forget to config /etc/apf/conf.apf !
Cheers

canda
04-24-2006, 03:22 PM
For reference in case anyone else is looking to do this, I tried the steps as posted by payman on Debian 3.1 and all appears to be working fine. :)

roelp
04-25-2006, 04:41 AM
If you want to install APF on Debian, you can use the following link to apt-get it:
http://debian.pcextreme.nl/

Add the following in your /etc/apt/sources.list:
deb http://ftp.nl.apt-get.eu/debian/ sarge unofficial

apt-get update

apt-get install apf

smoked1
03-02-2007, 04:54 PM
I tried what payman said and I am still getting this error when I try and execute /etc/init.d/apf start

ah24
05-07-2007, 11:37 AM
Hi everyone!
I have a little question. How can I block ping requests in the firewall, and in which place? Does anyone know? I use the APF firewall.

Saeven
10-21-2007, 12:23 PM
In APF, in conf.apf, remove type 8 from the ICMP_TYPES to globally block ping.

ah24
11-23-2007, 02:16 AM
Thx for help.

dwm
12-11-2007, 07:23 AM
Any problems with the /etc/init.d/ and /etc/rc.d/init.d/ can be solved by adding a symbolic link:

# mkdir /etc/rc.d/; cd /etc/rc.d/; ln -s /etc/init.d/ init.d

greenm
12-20-2007, 03:20 AM
I found this, maybe someone thinks it's useful:

http://www.webhostgear.com/61.html