Hello,

I have a client whose ISP just put him on an IP that appears to be blocked by APF on my server. When I turn off APF, he can access the website and his emails, but when I turn APF back on, he is denied.

I have been trying to figure out how to configure APF to permit his IP range, but have been unsuccessful.

Can anyone assist me with the proper command (or file to edit) to add his IP range to the allowed IP list?

Please keep in mind, I am not a linux guru, so the use of detailed instructions would be appreciated!

apf -a IP

will literally add it but you should first see WHY it is being banned:

egrep IP /etc/apf/deny_hosts.rules

^^ Does that return anything? If so he is in the blocklist for some reason and you need to remove it and restart.

Also if you have an old version of APF and he has a new IP range it may be blocked. If it is not in the deny list what are the first 2 octets (sets) of numbers in his ip? You can allow it in apf but most likely his IP will change and you will have the problem again.

It wasn't in the deny list, so I am pretty sure it is from an old version of APF. Thanks for your help, I was able to add his IP so it is working now, though I am concerned it may happen again when his modem pulls a new IP (you are correct, his ISP just obtained a new range of newly released IP's).

How do I update my version of APF to hopefully avoid this in the future?

In APF, make sure to turn off Private Networks otherwise you may find the 72 subnet blocked.

Thanks for the suggestions! Sorry to sound like a newbie, but how do I turn off private networks in APF?

He is in the 74.xx.xx.xx range of IP's, so would this possibly be causing the problem?

Otherwise, I would be interested in upgrading/updating to the newest verison of APF. Is there an easy way to do that without screwing up my server?