Don’t worry about mistyping my name and I don’t think that your eyes are older than my
I have found where the main problem is …
When BFD runs for the first time it only calculates log file sizes … I think it is doing nothing.
During the next run it calculates the new log file size, and if it is bigger then it starts to search only in this DELTA … NewFileSize - OldFileSize = DELTA…
It means it is looking only at the end of the log file …
I have overwritten the size value in these files to 1 and it started to go through the whole log file; now I have plenty of blocked IP addresses
So simple …
If the log file had been created via rotation … then it would be OK…
That means that the problem is only after a new installation of BFD…
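The size-tracking behaviour described in the post above, sketched as an added example (not BFD's own code and not part of the thread). The function names, state-file layout and sample log lines are assumptions, and the shrink check for rotated logs is an assumed detail.

```bash
#!/bin/bash
# Added illustration only, not BFD's code; all names here are hypothetical.

# Print log lines added since the size stored in STATE, then store the new size.
scan_delta() {
    local log=$1 state=$2 new old
    new=$(wc -c < "$log" | tr -d ' ')
    if [ ! -f "$state" ]; then
        # First run: record the size only; existing entries are never scanned.
        echo "$new" > "$state"
        return 0
    fi
    old=$(cat "$state")
    # Assumed detail: a smaller file means rotation/truncation, so rescan it all.
    if [ "$new" -lt "$old" ]; then old=0; fi
    # DELTA = new - old: read only the bytes after the stored offset.
    if [ "$new" -gt "$old" ]; then tail -c "+$((old + 1))" "$log"; fi
    echo "$new" > "$state"
}

# Count failed SSH logins per source IP in the delta ("IP count" per line).
failed_ips() {
    scan_delta "$1" "$2" |
        sed -n 's/.*Failed password for .* from \([0-9.]*\) port.*/\1/p' |
        sort | uniq -c | awk '{print $2 " " $1}'
}

# Constructed sample log (documentation-range addresses), written to path $1.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan  1 00:00:01 host sshd[1]: Failed password for invalid user admin from 192.0.2.10 port 1111 ssh2
Jan  1 00:00:03 host sshd[2]: Failed password for root from 192.0.2.10 port 1112 ssh2
Jan  1 00:00:05 host sshd[3]: Accepted password for alice from 198.51.100.20 port 2222 ssh2
Jan  1 00:00:07 host sshd[4]: Failed password for root from 192.0.2.10 port 1113 ssh2
EOF
}
```

Writing 1 into the state file makes the next call read from the second byte onward, which is why the whole existing log gets scanned after that change.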
Excellent news and thanks for posting your resolve
I myself do not see that on our systems, as we load bfd on first setup
Just a heads up, the firewall will only restrain 200 entries I think, but I’ll post tomorrow how to make the firewall retain iptables indefinitely, or set the value to retain to match your requirements
Hi Juraj
To change the limit on the number of IP addresses held before being removed (oldest first as new IPs are added), you need to
ssh into server
cd /etc/apf
vi conf.apf (or your preferred text editor)
locate the following line and set your value accordingly
SET_TRIM="200"
save and restart firewall
I hope that helps
Many thanks
John