Not sure what I’m doing or how to get the firewall started in Nodeworx.
Checking status I get…
unable to load iptables module (ip_tables), aborting.
And errors if I try to start apf in shell…
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
/etc/apf/firewall: line 1: /sbin/lsmod: No such file or directory
Unable to load iptables module (ip_tables), aborting.
You wouldn’t happen to be on a VPS would you? If so, APF and Virtuozzo take some additional work to get working together nicely. Here’s a couple articles from the SWSoft knowledgebase:
Initially the OS had to be enabled for iptables. Once the host did that I turned on the firewall in Virtuozzo and used the ‘advanced’ setting. Then I got out of Virtuozzo. I don’t like it there.
I’m not always sure when it matters, but it’s good practice to try ssh any time your gut feels funny about changing something in APF.
At first APF wouldn’t start from the command line. But after getting re-acquainted with a few files, it was relatively painless getting it to start. Initially it aborted with errors about locating iptables but these errors eventually went away.
The APF front end in NodeWorx is equivalent to editing
/etc/apf/conf.apf
The Trusted/Blocked access controls in Nodeworx are equivalent to editing
/etc/apf/allow_hosts.rules
and
/etc/apf/deny_hosts.rules
Keep Debug mode off in case you block yourself (e.g. port 22). When the firewall is working the way you want is the time to turn debug mode off.
Debug Mode in Nodeworx is equivalent to DEVM="1" (on) or DEVM="0" (off) in the file
/etc/apf/conf.apf
Restart apf at the command line and enable it in Nodeworx. For me it turned from pink to green first time. Five minutes later it shut off. Which is good because debug mode is on. DEVM is a 5 minute cron that will flush the tables which disables the firewall.
In Nodeworx add your server’s IP to Trusted and go from there. Click the help link (?) for info on these settings in /etc/apf/conf.apf –
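
An added example, not part of the thread and not APF's own code: a read-only shell check that reports the DEVM setting and whether an admin address is already in the trusted list before apf is restarted. The function names, the sample files and the 203.0.113.10 address are constructed for illustration; on a real server the arguments would be /etc/apf/conf.apf and /etc/apf/allow_hosts.rules.

```shell
#!/bin/sh
# Added example: read-only checks on APF's files before a restart.
# Function names and sample data are hypothetical; only the file roles
# (conf.apf, allow_hosts.rules) and the DEVM setting come from the thread.

# Print the effective DEVM value: the last uncommented DEVM= assignment.
apf_devm() {
    sed -n 's/^[[:space:]]*DEVM="\{0,1\}\([01]\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1
}

# Return 0 if the address is an entry of its own in the rules file.
# Comment lines are skipped; -x forces a whole-line match so that
# 203.0.113.1 does not match 203.0.113.10. Plain one-address-per-line
# entries only.
apf_lists_ip() {
    grep -v '^[[:space:]]*#' "$2" | grep -Fxq -- "$1"
}

# Args: conf file, allow file, admin IP.
# Returns 0 only if DEVM is readable and the IP is trusted.
apf_preflight() {
    conf=$1; allow=$2; ip=$3; rc=0
    case "$(apf_devm "$conf")" in
        1) echo "DEVM=1: debug mode on, the 5-minute cron will flush the rules" ;;
        0) echo "DEVM=0: debug mode off, rules stay loaded" ;;
        *) echo "DEVM not set in $conf"; rc=1 ;;
    esac
    if apf_lists_ip "$ip" "$allow"; then
        echo "$ip is listed in $allow"
    else
        echo "$ip is NOT listed in $allow"; rc=1
    fi
    return $rc
}

# Constructed sample files so the check runs anywhere.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'DEVM="1"' > "$demo/conf.apf"
printf '%s\n' '# trusted hosts' '203.0.113.10' > "$demo/allow_hosts.rules"
apf_preflight "$demo/conf.apf" "$demo/allow_hosts.rules" 203.0.113.10
```
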