APF deny hosts file question

Discussion in 'Server Operation' started by XHrealm, Apr 5, 2016.

  1. XHrealm

    XHrealm New Member

    I've been running APF for years with good success. I have a number of CentOS servers using it. My question is about the /etc/apf/deny_hosts.rules list file. I'm guessing the behavior I'm about to describe is by design, but I want to make sure that something else isn't going on. What I've recently noticed is that after adding some additional lines to the deny hosts rules file and then restarting APF to activate those new rules, the entire commented area in the file (containing the examples, etc.) was suddenly gone. All that was left were the IPs/CIDR ranges to be blocked.

    So is this truncation by design? When the list of rules within the file reaches a certain length (perhaps 50 lines or so) is the commented area automatically purged as a feature to make it easier to see the list area? As a test I actually tried adding that upper commented section back from another APF installation on another server, but when I executed apf -r the commented lines were gone again. It's really no major issue - unless of course it's not supposed to do this. I currently have 51 lines in the mentioned file. I can try removing lines, one-by-one, and adding the upper commented section back just to see what happens at various list lengths. But I wanted to learn whether anyone here has knowledge of this apparent auto-truncation tendency first.

    Thanks in advance for any thoughts or comments.
