APF - Advanced Policy Firewall - Questions
Posted by pmabraham, 09-02-2008, 09:16 AM

Greetings:

1. If we turn on "USE_RGT", how often are the global rules updated on the target servers?

2. In the current version of APF, do you have any recommendations for moving the iptables logging from /var/log/messages to its own file other than http://www.webhostgear.com/167_print.html? My main issue with http://www.webhostgear.com/167_print.html and related articles is the need to hack the firewall script every time there's an update.

3. How would I set up prerouting DNAT rules in APF such as iptables -t nat -A PREROUTING -p tcp --dport 2525 -i eth0 -j DNAT --to [our mail server ip without brackets]:25 ? I see there's a prerouting rules file, but no explanation of syntax or format.

Thank you.
Posted by pmabraham, 09-03-2008, 11:02 AM

Greetings:

It appears trust rules are updated every 10 minutes, including the RGT files.

For DNAT, we worked this out by editing /etc/apf/preroute.rules and, after the "# place your custom routing rules below" comment, putting the full command using the full path to the iptables binary.

So right now the only outstanding issue is to learn the best way for having apf log iptables actions to another file other than /var/log/messages in a way that does not require modifying the apf firewall script (which means every update would require re-applying the modifications). What other alternatives to http://www.webhostgear.com/167_print.html exist in terms of having apf log iptables to a location other than /var/log/messages?

Thank you.
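The preroute.rules edit described in the post above, as an added example that is not from the thread or from APF itself: it appends the full-path DNAT command after the "# place your custom routing rules below" marker without duplicating it on repeated runs, so the file stays clean across re-applications. The /sbin/iptables path, the mail server address 198.51.100.25 and the temporary file used by the demo are assumed/constructed values.

```shell
#!/bin/sh
# Added example (not from the thread): manage a DNAT line in an APF
# preroute.rules file the way the poster described, idempotently.
# 198.51.100.25 (documentation range) and /sbin/iptables are assumed values.

MARKER='# place your custom routing rules below'

# add_dnat_rule FILE IFACE EXT_PORT DEST_IP DEST_PORT
# Inserts the rule right after the marker; prints the rule; returns 1 if the
# marker is missing (APF would never reach a rule placed elsewhere in the file).
add_dnat_rule() {
    file=$1; iface=$2; ext_port=$3; dest_ip=$4; dest_port=$5
    rule="/sbin/iptables -t nat -A PREROUTING -p tcp --dport $ext_port -i $iface -j DNAT --to $dest_ip:$dest_port"
    grep -qF -- "$MARKER" "$file" || return 1
    # already present: do not add a second copy (duplicate nat rules pile up on reloads)
    if grep -qF -- "$rule" "$file"; then
        printf '%s\n' "$rule"
        return 0
    fi
    # insert immediately after the marker line, keeping everything else intact
    awk -v m="$MARKER" -v r="$rule" '{ print } $0 == m { print r }' "$file" > "$file.tmp" \
        && mv "$file.tmp" "$file"
    printf '%s\n' "$rule"
}

# count_dnat_rules FILE -> number of DNAT lines currently in the file
count_dnat_rules() {
    grep -c -- '-j DNAT' "$1"
}

# Demo on a constructed preroute.rules in a temp dir; prints the DNAT line count.
demo() {
    dir=$(mktemp -d)
    f="$dir/preroute.rules"
    printf '%s\n' '# APF preroute rules (constructed sample)' "$MARKER" '' > "$f"
    add_dnat_rule "$f" eth0 2525 198.51.100.25 25 >/dev/null
    add_dnat_rule "$f" eth0 2525 198.51.100.25 25 >/dev/null   # second run must not duplicate
    count_dnat_rules "$f"
    rm -rf "$dir"
}
```

After editing the real /etc/apf/preroute.rules, restart apf and confirm the rule is loaded with `iptables -t nat -L PREROUTING -n`.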