
  • APF (Advanced Policy Firewall)

    APF is a policy-based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. It is packaged in tar.gz and RPM formats, which makes APF ideal for deployment in many Linux-based server environments. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

    This guide will show you how to install and configure APF firewall.

    Requirements:

    1. Root SSH access to your server.

    # cd /root/downloads or another temporary folder where you store your files.

    2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

    3. tar -xvzf apf-current.tar.gz

    4. cd apf-9.6-5/ or whatever the latest version is.

    5. Run the install file: ./install.sh

    You will receive a message saying it has been installed:
    Installing APF 9.6-5: Completed.
    Installation Details:
    Install path: /etc/apf/
    Config path: /etc/apf/conf.apf
    Executable path: /usr/local/sbin/apf
    Other Details
    Listening TCP ports: 53,2086,2087,3306
    Listening UDP ports: 53,39437
    Note: These ports are not auto-configured; they are simply presented for information purposes.

    6. Let's configure the firewall: nano -w /etc/apf/conf.apf

    We like to use DShield.org’s “block” list of top networks that have exhibited
    suspicious activity.
    FIND: USE_DS="0"
    CHANGE TO: USE_DS="1"

    7. Configuring Firewall Ports:

    Cpanel Servers
    We like to use the following on our Cpanel Servers

    Common ingress (inbound) ports
    # Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
    IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
    #
    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="53"

    Common egress (outbound) ports
    # Egress filtering [0 = Disabled / 1 = Enabled]
    EGF="1"
    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,25,80,443,43,2089"
    #
    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53"


    8. Starting the firewall

    /usr/local/sbin/apf -s
    Other commands:
    usage ./apf [OPTION]
    -s|--start ......................... load firewall policies
    -r|--restart ....................... flush & load firewall
    -f|--flush|--stop .................. flush firewall
    -l|--list .......................... list chain rules
    -st|--status ....................... firewall status

    -a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
    immediately load new rule into firewall
    -d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
    immediately load new rule into firewall

    9. After everything is fine, change the DEVM option

    Stop the firewall from automatically clearing itself every 5 minutes from cron.
    We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.
    nano -w /etc/apf/conf.apf

    FIND: DEVM="1"
    CHANGE TO: DEVM="0"

    10. Checking the APF Log
    The log shows any changes to allow and deny hosts, among other things.
    tail -f /var/log/apf_log
    Last edited by afsal; 6th June 2014, 12:00 PM.
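
A pre-flight check for the edits in steps 6 to 9, added here as an example and not part of the original post or of APF: it reads conf.apf, flags port lists that are not clean comma-separated values (stray spaces or typographic quotes picked up while copying), and confirms the SSH port is allowed inbound before DEVM is set to "0". The function names and the script name `apf_lint.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not part of APF): lint conf.apf before "apf -s" / DEVM="0".

# get_opt FILE KEY: print the value of KEY="value" (last assignment wins).
# Only straight quotes match; typographic quotes yield an empty value.
get_opt() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# valid_list LIST: true if LIST is comma-separated ports or lo_hi ranges.
valid_list() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(_[0-9]+)?(,[0-9]+(_[0-9]+)?)*$'
}

# port_allowed LIST PORT: true if PORT is listed or falls inside a range.
port_allowed() {
    for pa_item in $(printf '%s' "$1" | tr ',' ' '); do
        case "$pa_item" in
            *_*) if [ "$2" -ge "${pa_item%%_*}" ] && [ "$2" -le "${pa_item##*_}" ]; then
                     return 0
                 fi ;;
            *)   if [ "$pa_item" = "$2" ]; then return 0; fi ;;
        esac
    done
    return 1
}

# check_conf FILE SSH_PORT: print each problem; exit status = problem count.
check_conf() {
    cc_bad=0
    for cc_key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        cc_val=$(get_opt "$1" "$cc_key")
        if ! valid_list "$cc_val"; then
            echo "$cc_key: malformed port list '$cc_val'"
            cc_bad=$((cc_bad + 1))
        fi
    done
    if ! port_allowed "$(get_opt "$1" IG_TCP_CPORTS)" "$2"; then
        echo "IG_TCP_CPORTS: SSH port $2 is not allowed inbound"
        cc_bad=$((cc_bad + 1))
    fi
    if [ "$(get_opt "$1" DEVM)" != "1" ] && [ "$cc_bad" -gt 0 ]; then
        echo "DEVM is not 1: the 5-minute cron flush will not clear a bad policy"
    fi
    return "$cc_bad"
}

# Run as: sh apf_lint.sh /etc/apf/conf.apf 22
if [ $# -ge 1 ]; then check_conf "$1" "${2:-22}"; fi
```

An exit status of 0 means every list parsed and the SSH port is covered; any other value is the number of problems printed.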