Bug#633648: apf-firewall: The SET_REFRESH option is useless because of cron ignores refresh.apf link
Package: apf-firewall Version: 9.7+rev1-2 Severity: important The SET_REFRESH option in conf.apt does not work because the cron daemon will ignore scripts in /etc/cron.d/ with dots (.) in their name, therefore the refresh.apf link is ignored. Instead cron will always download the rules once a day. Interestingly, if you rename the refresh.apf and take out the dot, cron will complain saying that there is an error in the minutes format (Debian specific issue?) -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#633649: apf-firewall: Reactive Address Blocking is not working because of a bad check of kernel value
Package: apf-firewall Version: 9.7+rev1-2 Severity: important The RAB capability is one of the most interesting things in apf, but it does not work without some tweak. RAB is not working because of a outdated line in check_rab() function in internal/functions.apf, Changing the line: if [ $RAB == 1 ] [ ! -f /lib/modules/$(uname -r)/kernel/net/ipv4/netfilter/ipt_recent.$MEXT ]; then To: if [ $RAB == 1 ] [ `grep -c recent /proc/net/ip_tables_matches` == 0 ]; then solves the issue as reported by many people on forums. I've also reported this issue to the apf developer. -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
