Full Version: My IP address got blocked on my own machine
pstar
I have no idea how this occurred, but my IP address is banned from my own server and I cannot access my site. Now, if I go to another location and do the following (below) I am able to get onto my machine; however, every day my machine resets and I have the same problem. Can anyone tell me how to make sure my machine doesn't reset? Or how can I get my IP address unblocked?

[~]# /etc/init.d/iptables save

Saving firewall rules to /etc/sysconfig/iptables:

[~]# /etc/init.d/iptables stop

Flushing firewall rules:

Setting chains to policy ACCEPT: mangle filter

Unloading iptables modules:

[~]# chkconfig --levels 2345 iptables off

[~]# chkconfig --levels 2345 apf off
parisdns
Check: allow_host.rules & deny_host.rules
DeadEye686
Are you using APF?
pstar
Not sure what APF is? Please explain, and thanks in advance.

All I know is that my IP is listed in my firewall. This all came along all of a sudden and I wasn't even aware that I had a running firewall.
eddy2099
APF is a policy-based iptables firewall used quite extensively with Linux-based systems. Here is a write-up about it: http://www.rfxnetworks.com/apf.php

Where is your IP listed in the firewall definition? It might be possible that it was listed in the wrong place and thus logging you out. Try removing it and see if it helps.

Alternatively, you can drop Support a ticket and ask them to disable the firewall properly so that you can get in and make the necessary changes.
pstar
My IP is listed here:

[~]# iptables -L | grep 65.96.2.57

DROP all -- c-65-96-2-57.hsd1.ny.comcast.net anywhere

Then I have this...

[~]# chkconfig --list | egrep 'iptables|apf'

apf 0:off 1:off 2:off 3:on 4:on 5:on 6:off

iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
klaude
Run `iptables --flush` to clear your ruleset. That should unblock you.
pstar
Ya, but how do I get it to stop resetting each day? Every day I get blocked out, so flushing only goes so far.
knalb
Well, it looks like you are using ipf, so edit /etc/apf/allow_hosts.rules and add your IP to it, then restart apf.
KTFCC
Or, if you have SSH access, type:
CODE
apf -a your.server.i.p
apf -r

I was just trying to say apf -a your.server.i.p like apf -a you.r.i.p so that it looks like an IP and it says you rest in peace. And that is just too confusing.

Ya, tell me about it, IPs kill me. I know more IPs than I know phone numbers.
And I know more domain names than I know addresses, IPs and phone numbers combined.
pstar
So type this via SSH:

enter this: apf -a "77.999.99.99"

then this: apf -r
KTFCC
Well, first you have to find out where apf is located.

Depending on how your path is set up, you may be able to launch apf anywhere.

It also depends on whether you have installed apf on your server; if not, I would highly recommend it. But from the looks of your post, yes, you do have apf.

It is usually stored in /etc/apf

so you would type
/etc/apf -a 123.123.123.123 substituting the numbers with your server IP
then

/etc/apf -r
pstar
I entered and received something like this....

-bash root@name /etc/apf

is a directory

/etc/apf -a 123.123.123.123

command not found

-r
BigD
Try
CODE
/etc/apf/apf -a 123.123.123.123
pstar
Nothing seems to work. No matter what I do, the machine resets each morning and my IP is blocked until I run command:

root@green [~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
root@green [~]# /etc/init.d/iptables stop
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: mangle filter [ OK ]
Unloading iptables modules: [ OK ]
root@green [~]# chkconfig --levels 2345 iptables off
root@green [~]# chkconfig --levels 2345 apf off

I have to get someone to run this command for me each day.
I have no idea how this happened, but it's really annoying.
pstar
Anyone know the command to remove an IP from

/etc/apf/deny_hosts.rules
klaude
Use a text editor. Vi for gurus or nano for newbies.
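
Added example, not part of any post in this thread and not APF's own code: a small shell helper that checks whether an address is an exact entry in a deny list and removes it after making a backup, instead of hand-editing. The function names and the assumed file format (one address per line, '#' comments) are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed file format: one address per
# line, '#' starts a comment. Check your own deny_hosts.rules before use.

# strip_prog: awk snippet that puts the line minus comment/whitespace in `line`.
strip_prog='{ line = $0; sub(/#.*/, "", line); gsub(/^[ \t]+|[ \t]+$/, "", line) }'

# ip_listed FILE IP: succeeds only if IP is an entry by itself, so
# 65.96.2.57 does not match 165.96.2.57 or a comment that mentions it.
ip_listed() {
    awk -v ip="$2" "$strip_prog"'
        line == ip { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# remove_ip FILE IP: keep a copy in FILE.bak, rewrite FILE without the
# exact-match entries, print how many entries were removed.
remove_ip() {
    file=$1; ip=$2
    cp -p "$file" "$file.bak" || return 1
    tmp=$(mktemp) || return 1
    removed=$(awk -v ip="$ip" -v out="$tmp" "$strip_prog"'
        line == ip { n++; next }
        { print > out }
        END { print n + 0 }' "$file") || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" && rm -f "$tmp"   # cat keeps FILE's owner and mode
    echo "$removed"
}

# Constructed sample data in a temp file; nothing under /etc is touched.
sample=$(mktemp)
printf '%s\n' '# added 65.96.2.57 (constructed comment)' \
    '65.96.2.57' '165.96.2.57' '10.0.0.8  # constructed entry' > "$sample"
echo "removed: $(remove_ip "$sample" 65.96.2.57)"
ip_listed "$sample" 65.96.2.57 || echo "65.96.2.57 no longer listed"
rm -f "$sample" "$sample.bak"
```

On the server, the file argument would be /etc/apf/deny_hosts.rules, followed by the `apf -r` restart mentioned earlier in the thread so the running ruleset is rebuilt from the edited file.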
zunnie
If you are able to log in via SSH to your server, type:

iptables -I INPUT -s youriphere -j ACCEPT

to drop an IP:
iptables -I INPUT -s 111.222.333.444 -j DROP

or to drop ranges of IP:
iptables -I INPUT -s 111.222.333.0/255.255.255.0 -j DROP
ezpz
sif nano for newbies. I love my nano.
xenneo
I still love nano, guess I'm a noobie.