Do I need to restart APF after BFD has detected an attack and
entered a new IP in the deny file? I cannot find anything about
such in the docs, configs, and scripts.

Thanks!

http://www.rfxnetworks.com/apf.php
http://www.rfxnetworks.com/bfd.php