R-fx Networks

Tag: apf

Happy Birthday APF: 8 Years Strong

by on Mar.09, 2011, under My Blog

On this day eight years ago, Advanced Policy Firewall (APF) version 0.5 for Linux was publicly released. Since then, APF has stood the test of time and remains to this day one of the most widely used Linux firewall solutions, with especially high usage in the web hosting industry.

I was 18 years old when APF first met the world. I was a very different person back then, and so too was the web hosting industry. There was but a handful of dedicated server providers; it was a time when Cobalt RAQs still dominated a large part of the leased server market and white-box leased servers were quickly starting to pick up momentum from providers such as rackshack.net. As every other person tried to start a web hosting business, it quickly became clear on many industry forums and websites that there lacked an easy-to-use firewall solution that was also comprehensive. This is where APF came in: it gave to the masses a simple, usable and stable firewall suite for servers that were typically managed by individuals with very little to no experience in Linux ipchains and later iptables firewalling.

The project has seen in excess of 400,000 downloads to date, or 55% of all downloads in the last 10 years on rfxn.com. The latest versions, which retrieve data daily from rfxn.com, report that there are over 24,000 active APF installations with these features enabled, countless thousands more with them disabled or on legacy releases, and countless more applications that ship with APF integrated. In excess of 1,700 separate corporate, governmental and organizational networks report using APF (through ASN tracking) and roughly 260,000 web sites are directly protected by APF (through domainsbyip.com tracking). Any Google search on APF or related terms quickly brings up tens of thousands of references to the project in an assortment of installation, usage and best practice guides.

It is clear APF is a force, it is here to stay, sure there is much that can be improved upon it and that will come with time but for now, let us acknowledge that this has been a good 8 years for APF and here is to many more, happy birthday APF and Long live open source software 🙂


rfxn.com In Numbers

by on May.27, 2010, under Development, My Blog

Yup, nothing to see here except numbers…

2,018: Downloads of the newest project, Linux Malware Detect, month to date.
2,294: Signatures for Linux Malware Detect.
6,207: Downloads for all projects for the month to date.
14,176: Google results with link backs to rfxn.com or related domains (i.e. r-fx.org, rfxn.org, etc.).
30,061: Active APF installations relative to unique IPs fetching the reserved.networks file daily.
70,826: Project downloads for the last 12 months, May 2009 – April 2010.
133,931: Total visitor sessions to rfxn.com, month to date.
258,154: The number of web sites protected by APF (passed unique install IPs to domainsbyip.com).
1,231,604: Total hits to rfxn.com, month to date.


Let The Rewrites Begin: New Life For PRM

by on May.24, 2010, under Development

In my last post, I reflected on the last 7-8 years of projects here at rfxn.com; in doing so I also dug up some statistics on project downloads. I not only did this for my own curiosity but to prioritize the mile-long to-do list I have for the projects, based on downloads. One of the revealing things was just exactly what people are downloading, in particular that projects like LES, PRM & SIM are still very popular download destinations on the site.

Although a new incarnation of APF & BFD are on the agenda, I thought I would work up to those by first knocking off rewrites of some of the smaller projects, starting this off is PRM. This is a project originally written in December of 2003 and although it has stood the test of time by doing exactly what it was intended for and doing it reliably, it was starting to show its age in a number of ways, especially the not-so-intuitive logic and less-than-appealing documentation.

Today I have put out PRM v1.0.6, a ground-up rewrite of just about everything in the project: simplified logic, oodles of new features and, for one of the biggest problem areas over the years, far better ignore options to control exactly what PRM does, along with detailed documentation.

Enough said, check the changelog for a summary of changes and the README for details on the new usage.

Project Page: http://www.rfxn.com/projects/process-resource-monitor/
Current Release:
http://www.rfxn.com/downloads/prm-current.tar.gz
http://www.rfxn.com/appdocs/README.prm
http://www.rfxn.com/appdocs/CHANGELOG.prm


The Test Of Time: 7 Years & Counting…

by on May.17, 2010, under My Blog

Today I woke up and was in a weird mood. I started to take stock of some things while at the same time cleaning out the rfxn.com projects and downloads repo (that's a whole other story in itself). In doing so, I realized just how long I have been doing this; it sometimes gets past me just how much time has gone by since my first projects went up.

In November of 2002 I put out the first public version of System Integrity Monitor over at the then rackshack community forums, at a time when Cobalt RAQs and bargain basement Ensim servers were still the cool thing and ProFTPd and Apache crashing every other morning was also the norm. A short time later, in March of 2003, I put up the first release of Advanced Policy Firewall, without a doubt my most popular project so far.

Here we are, a little over 7 years later and the projects are by any standard still going strong, certainly not as strong as they always were but then again 7 years ago — let alone a couple of years ago — alternatives were few and far between and now there are many projects that have derived some form of inspiration from my own and it is certainly satisfying to know people continue to find value in my work or that I have helped inspire the creations of others.

Over the years, I have moved servers many times, either because of changing employers (often my hosting is provided by my employer) or because I am just A.D.D. like that and am forever breaking things / moving things around. This has always caused a bit of an issue to grasp the actual amount of downloads the projects receive, the last time I took stock of any tangible stats was nearly 3 years ago and the projects had a yearly download rate of about 140k.

This morning I compiled some stats on the last year of project downloads as I finally do have a full year of workable stats again. I will end this post with the stats below while saying that the projects are very much alive and not going anywhere. I have some exciting things planned for the future of the projects and hope everyone can join me while I work towards getting there. Thank you to new and old users alike for always being supportive with simply downloading my work, offering feedback and most of all to everyone that has and continues to donate.

Download Stats (May 2009 – April 2010)
APF 41,374
BFD 13,643
LES 5,662
SIM 4,074
OTHER 6,073 (prm, spri etc…)
Total 70,826


Out with the old, In with the new!

by on May.06, 2010, under My Blog

The old theme was doing my head in, so I ditched it. Keep an eye out in the coming days/weeks for new releases of APF & BFD in addition to a few more howto entries and the release of maldetect with an ATF stats landing page.


(ATF) Aggregate Threat Feed

by on May.02, 2010, under Development

For my first post back into things in a while (a long while), I thought I would introduce everyone to the sexiness that I’ve called the Aggregate Threat Feed or ATF for short. This feed is derived from threat data at work, namely our network edge IPS (a custom snort implementation, another post on that later) and aggregated firewall data from 250+ servers, mostly being brute force/invasive scan attack addresses.

There really is nothing terribly fancy about this, the data is presented in a drop list format that is updated every 15 minutes with an optional variable to adjust the amount of addresses returned:

http://asonoc.com/api/atf.php?top=50 (defaults at 100)

The entries in the list are sorted on the database side by highest event count first, you can optionally view the source and event count entries in the list but this is considered strictly for review purposes (it wouldn’t be of much other use). Take note that the maximum value for ‘top’ is 300.

http://asonoc.com/api/atf.php?top=300&fmt=list

The review data looks something like the following:

IP | SOURCE | EVENTS
----------------------
187.45.224.5 ips 227
92.48.206.91 ips 202
69.13.196.47 fw 176
210.17.251.159 ips 130
83.170.110.194 fw 125

This is pretty basic to understand; the distinction to note however is that event numbers for IPS source data can be 50 events against 1 or 20 servers whereas the event count for fw sourced data typically reflects unique servers. So an address sourced from fw data with 200 events actually hit 200 servers.
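
A feed in this format should be validated row by row before any entry becomes a firewall rule. The following is an added example, not the author's or APF's code: it parses the review format shown above and rejects rows that should never be turned into drop rules. The names `parse_atf` and `fw_breadth`, the allowlist parameter and the rejected sample rows are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: rows in the review format above plus rows to reject.
SAMPLE_FEED = """\
IP | SOURCE | EVENTS
----------------------
187.45.224.5 ips 227
92.48.206.91 ips 202
69.13.196.47 fw 176
10.0.0.8 fw 900
999.1.1.1 ips 50
0.0.0.0/0 fw 1
"""

MAX_TOP = 300  # the post states 300 is the maximum value for 'top'


def parse_atf(text, allowlist=(), limit=MAX_TOP):
    """Return (entries, rejected); entries are (ip, source, events) tuples."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    entries, rejected = [], []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "|" in line or set(line.strip()) <= set("-"):
            continue  # blank line, header row, or separator
        if (len(fields) != 3 or fields[1] not in ("ips", "fw")
                or not fields[2].isdecimal()):
            rejected.append((line, "malformed"))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])  # single hosts only, no CIDR
        except ValueError:
            rejected.append((line, "invalid address"))
            continue
        if not ip.is_global:
            rejected.append((line, "non-routable"))  # never drop internal space
        elif any(ip in net for net in allowed):
            rejected.append((line, "allowlisted"))  # own or trusted networks
        else:
            entries.append((str(ip), fields[1], int(fields[2])))
    entries.sort(key=lambda e: e[2], reverse=True)  # highest event count first
    return entries[:limit], rejected


def fw_breadth(entries):
    """fw counts approximate distinct servers hit; ips counts do not."""
    return {ip: n for ip, src, n in entries if src == "fw"}
```

Rows that land in `rejected` are worth logging, since a feed that starts returning private ranges or CIDR blocks usually indicates a problem at the source.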

The next release of APF due in the coming months, will feature many changes and among them will be the inclusion of ATF as part of the new feed subscription feature. Further, users will have the option to enable reporting to the rfxn.com server that allows your own block data to be included in the ATF database. As more installations opt-in on this feature it will allow data aggregation to reflect a more global threat landscape that truly represents the users of APF (currently active installations based on those fetching the rfxn.com reserved.networks list daily: 46,921).

Also on the agenda is a simple ATF landing page that presents statistical data and some fancy graphs/charts (probably use the Google API 'cause I'm lazy like that), which will allow users to better visualize threats included in the feed and details on the actual events that caused an address to end up in it (snort events, firewall triggers, etc.).

EOF
