Date:  Thu, 16 Feb 2006 23:34:28 +0100
From:  Michael Stauber <bq (at mark) solarspeed.net>
Subject:  [coba-e:04108] Re: APF
To:  coba-e (at mark) bluequartz.org
Message-Id:  <200602162334.29042.bq (at mark) solarspeed.net>
In-Reply-To:  <20060216205406.GA20752 (at mark) xs4all.nl>
References:  <20060216171841.GA4659 (at mark) xs4all.nl> <200602161929.09900.bq (at mark) solarspeed.net> <20060216205406.GA20752 (at mark) xs4all.nl>
X-Mail-Count: 04108

Hi Maurice,

> At this point, I have to ask 'what is LCAP?',

See http://packages.debian.org/stable/admin/lcap
It allows you to lock down the Linux kernel by removing certain capabilities.

> It is not that iptables doesn't want to load. I can start APF (based on
> iptables), and it blocks p.e. the connection to the mysql-port. But at the
> next full hour (when /etc/cron.hourly/log_traffic runs) the firewall isn't
> working anymore, because I can connect to the mysql port again.

Solution:
rm /etc/cron.hourly/log_traffic

Or move it someplace else, like /root for later reference:
mv /etc/cron.hourly/log_traffic /root/

And no: I'm not kidding. 

That script in question is used to log the traffic of the box with a couple of
iptables rules for traffic accounting. It gets in the way of your custom
firewall script, because every hour when that script runs it will modify or
remove the firewall rules that you have set up.

-- 

With best regards,

Michael Stauber
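The failure mode described in this thread (an hourly accounting script silently rewriting the ruleset that APF installed) is easy to catch with a drift check: save the ruleset once, right after the firewall is loaded, and compare it against the live ruleset later. The script below is an added example written for this archive page; it is not part of the thread, of BlueQuartz, or of APF. It assumes the expected ruleset was saved with `iptables-save` (for example to /root/firewall.expected) and that the live ruleset is fed in the same way; the two rulesets embedded here are constructed samples that mimic the situation from the thread, where the `--dport 3306` DROP rule and the INPUT DROP policy are gone after the accounting job ran.

```shell
#!/bin/sh
# Added example (not from the thread, BlueQuartz, or APF): detect firewall
# rule drift by comparing a saved iptables-save snapshot with the live one.
# Assumed workflow:
#   iptables-save > /root/firewall.expected    # once, after APF is started
#   iptables-save > /tmp/firewall.now && check_drift /root/firewall.expected /tmp/firewall.now
export LC_ALL=C   # sort and comm must agree on collation

# Normalise iptables-save text read from stdin: drop the timestamp comments,
# strip optional [packets:bytes] counters (iptables-save -c), sort for comm.
normalize_rules() {
    grep -v '^#' | sed 's/^\[[0-9]*:[0-9]*\] *//' | sort
}

# missing_rules EXPECTED_FILE CURRENT_FILE
# Prints every chain policy or rule in EXPECTED that is absent from CURRENT.
missing_rules() {
    exp_n=$(mktemp) || return 2
    cur_n=$(mktemp) || return 2
    normalize_rules < "$1" > "$exp_n"
    normalize_rules < "$2" > "$cur_n"
    comm -23 "$exp_n" "$cur_n"      # lines only in the expected snapshot
    rm -f "$exp_n" "$cur_n"
}

# check_drift EXPECTED_FILE CURRENT_FILE
# Returns 0 when nothing is missing, 1 when the live ruleset lost something.
check_drift() {
    missing=$(missing_rules "$1" "$2")
    if [ -n "$missing" ]; then
        echo "firewall drift: rules missing from live ruleset:" >&2
        echo "$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample: ruleset captured right after the custom firewall loaded.
sample_expected() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
COMMIT
# Completed (constructed sample)
EOF
}

# Constructed sample: ruleset after an hourly accounting job rebuilt it.
# The INPUT policy was reset and the mysql DROP rule is gone; an accounting
# rule (counting traffic on eth0) was added instead.
sample_current() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0
COMMIT
# Completed (constructed sample)
EOF
}

# Stand-alone use: check_drift.sh EXPECTED_FILE CURRENT_FILE
if [ $# -eq 2 ]; then
    check_drift "$1" "$2"
fi
```

Run it a few minutes after the top of the hour (or directly after any job that touches iptables) and alert on a non-zero exit; a non-empty list of missing lines tells you exactly which rules or chain policies the other script clobbered, so you can decide whether to remove that job, as suggested above, or make it re-apply your rules instead.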