Symptoms
- Some particular rules are removed from the iptables firewall on a daily basis while others are left intact;
- Advanced Policy Firewall (APF) is installed on the system and is active:
# /usr/local/sbin/apf -st
APF Status Log:
Feb 04 13:41:41 server apf(9616): {glob} fast load snapshot saved
Feb 04 13:41:41 server apf(9616): {glob} firewall initalized
Feb 04 13:41:41 server apf(9724): {glob} default (ingress) input drop
Feb 04 13:41:41 server apf(9724): {glob} default (egress) output accept
Feb 04 13:41:41 server apf(9724): {glob} loading postroute.rules
Cause
Advanced Policy Firewall overrides the iptables ruleset: each time it runs (including from its daily cron job) it rebuilds the firewall from its own configuration, so rules added directly with iptables do not survive.
Resolution
Advanced Policy Firewall has a higher priority and is allowed to override the iptables ruleset, so the required rules must be defined in APF itself:
1. Connect to the server via SSH;
2. Add the required rules to the APF configuration file /etc/apf/conf.apf in accordance with its documentation, then reload APF so they take effect.
If APF is not needed, stop it, flush its rules and disable its daily cron job so it no longer rewrites the firewall:
# /usr/local/sbin/apf -f
# mv /etc/cron.daily/apf /root/apf
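The following script is an added example and is not part of the original article or of APF itself. It shows how an administrator can confirm that the daily rule loss described above is really happening: it compares a baseline iptables-save dump taken before the daily cron run against the ruleset observed the next day, lists every rule that disappeared, and reports whether APF's daily cron job (/etc/cron.daily/apf) is still installed. The two rulesets embedded below are constructed samples; on a real host you would capture them with iptables-save. The function names and the port numbers in the samples are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original KB article or from APF): detect iptables
# rules that vanished between two iptables-save dumps, e.g. after APF's daily run.

# Baseline ruleset captured before the daily cron run (constructed sample).
BASELINE='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
COMMIT'

# Ruleset observed the next morning (constructed sample: the 2222 rule is gone).
OBSERVED='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
COMMIT'

# missing_rules BASELINE OBSERVED
# Prints each "-A ..." rule line that is present in BASELINE but absent from
# OBSERVED, one rule per line. Chain policy lines (":INPUT ...") are ignored
# because APF rewrites those by design.
missing_rules() {
    printf '%s\n' "$1" | grep '^-A ' | while IFS= read -r rule; do
        # -F: literal match, -x: whole line, --: rule text starts with a dash
        printf '%s\n' "$2" | grep -Fxq -- "$rule" || printf '%s\n' "$rule"
    done
}

# missing_count BASELINE OBSERVED
# Prints the number of missing rules (always exits 0, even when the count is 0).
missing_count() {
    missing_rules "$1" "$2" | grep -c . || true
}

# apf_cron_present
# Succeeds when APF's daily cron job is still installed on this host.
apf_cron_present() {
    [ -e /etc/cron.daily/apf ]
}

if [ "$(missing_count "$BASELINE" "$OBSERVED")" -gt 0 ]; then
    echo "Rules removed since baseline:"
    missing_rules "$BASELINE" "$OBSERVED"
    if apf_cron_present; then
        echo "APF daily cron job is installed; define these rules in /etc/apf/conf.apf"
    fi
fi
```

Run it once a day from your own cron entry with a fresh `iptables-save` dump substituted for OBSERVED; a non-empty list together with the cron-job warning points at APF as the component rewriting the firewall, which is the situation the resolution above addresses.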