12-02-2011 Our Global Security Service (GSS) is now connected to customers using the Advanced Policy Firewall (APF).

Prior to today, customers on our GSS system that were using APF for their software firewall had spend time checking why an IP address was blocked by our global security service.

Is the IP active in their iptables firewall? Is it in APF’s deny_hosts.rules file? If not, then I need to go and check another log file to see if it is in that log file.

It was time consuming, and for IP addresses blocked by our GSS system, customers had to manually remove the IP if the IP block was a false positive.

Now, customers using APF just have to check their deny_hosts.rules file to see if our GSS system blocked and IP and for what rule.

For example on our of our client servers, their deny_hosts.rules file shows the following (in part):

# added 84.74.127.76 on 12/02/11 04:35:00 with comment: gss block for rule id 9952
84.74.127.76
# added 117.79.91.67 on 12/02/11 07:48:36 with comment: gss block for rule id 5720
117.79.91.67

Now, if a customer using APF determines the IP block was a false positive, they can use APF directly to remove the false positive.

For those not familiar with our global security service, the above IP addresses are blocked for a period of time with repeat offenders being blocked longer, even longer, and much longer.

When our Global Security Service is tied to our log monitoring service which includes security snitching, the entire Internet becomes safer over time.

Please contact us if you have any questions.