Getting APF (or iptables) to autoblock with Directadmin through custom scripts

Hello,

I’m trying to get it so that when DA detects failed logins it autoblocks via APF – I think the following might be the same issue with iptables.

I followed this guide for iptables here http://help.directadmin.com/item.php?id=380 and tweaked it a little following the BSD instructions (I’m on CentOS, fyi).

My issue is around permissions, I believe: it correctly runs brute_force_notice_ip.sh but it doesn’t appear to run block_ip.sh.

My brute_force_notice_ip.sh is stock from the download (chmod 755)

My block_ip.sh is the following (chmod 700):

Code:

#!/bin/sh
# $ip is set by DirectAdmin when it invokes this brute-force hook
echo "Blocking $ip with apf ...<br>";
# quote the address so an unexpected value is still passed as one argument
apf -d "$ip"
exit $?


What I did notice is that all the files have permissions of diradmin, and diradmin cannot run either iptables or apf.

So has anyone been able to run this correctly? I could change the scripts to root, however I’m assuming that it needs to be diradmin to run?

I’ve tried adding diradmin to the group that can run APF and mirrored root’s permissions on those directories, but I get the following error:

diradmin~]$ /etc/apf/apf
/etc/apf/conf.apf: line 537: /etc/apf/internals/internals.conf: Permission denied

where diradmin is in the apfusers group, which has the same permissions as the owner (root) on all files in the apf structure:

-rw-rw---- 1 root apfusers 1726 Apr 12 2012 internals.conf

So, it appears that the scripts don’t work, as iptables and/or apf require root to run and diradmin runs the scripts.
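Since the hook above passes a value parsed from login logs straight to a firewall command, a version of block_ip.sh that checks the address first is worth having regardless of how the privilege question is solved. The following is an added example, not the DirectAdmin-supplied script: it validates $ip as a dotted-quad before calling apf, and the command actually invoked is taken from an APF_CMD variable (an assumption of this example) so it can be pointed at a root-owned wrapper that the diradmin user is allowed to run via sudo, instead of calling apf directly as diradmin.

```shell
#!/bin/sh
# Added example hook for DirectAdmin's brute-force blocking (not the stock block_ip.sh).
# DirectAdmin exports $ip for the hook; this script refuses anything that is not
# a plain IPv4 address before handing it to the firewall command.

# is_ipv4: return 0 when $1 is four dot-separated octets, each 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*) return 1 ;;      # empty, or contains non-digit/non-dot characters
    esac
    oldifs=$IFS
    IFS=.
    set -- $1                          # split on dots into positional parameters
    IFS=$oldifs
    [ $# -eq 4 ] || return 1           # leading/trailing/double dots give != 4 fields
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# block_ip: validate, then call the configured firewall command.
# APF_CMD is an assumption of this example; e.g. "sudo /usr/local/sbin/apf-block"
# for a root-owned wrapper the diradmin user is permitted to run. Defaults to apf.
block_ip() {
    addr=$1
    if ! is_ipv4 "$addr"; then
        echo "Refusing to block invalid address '$addr'<br>"
        return 2
    fi
    echo "Blocking $addr with apf ...<br>"
    ${APF_CMD:-apf} -d "$addr"
}

# Only act when DirectAdmin actually supplied an address.
if [ -n "$ip" ]; then
    block_ip "$ip"
    exit $?
fi
```

The octet loop relies on the earlier character-class check, so `[ "$octet" -le 255 ]` only ever sees digits; the `2>/dev/null` just silences the test built-in if a shell rejects an oversized number. With sudo, the matching sudoers entry would grant diradmin the wrapper only, not apf or iptables in general.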