How TO install APF Firewall

"Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today's Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file."
(http://rfxnetworks.com/apf.php)

How To install APF firewall
Login to your server as root, then:
# cd /usr/srcwget http://rfxnetworks.com/downloads/apf-current.tar.gz
# tar -xvzf apf-current.tar.gz
# rm -f apf-current.tar.gz
# cd apf-*
# ./install.shcd /etc/apf

Port configuration:
Ports 2082 to port 2095 is mostly used by cpanel, and port 19638 is only use in ensim.

Edit conf.apf
# nano conf.apf

Common ingress (inbound) TCP IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,10000,35000_35999"

Common ingress (inbound) UDP
IG_UDP_CPORTS="20,21,53,1040"

Exit and save and then restart apf:
# service apf start

If APF is functioning fine, edit the conf.apf
# nano conf.apf

Set the DEVM parameter to 0DEVM="0"

Now you can Restart APF, and is done:
# service apf restart

7:51 AM | Tags: , |

This entry was posted on 7:51 AM and is filed under firewall , security . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

1 Comments:

Ausitn Coté Williams said...

When you said the following above:

# cd /usr/srcwget http://rfxnetworks.com/downloads/apf-current.tar.gz
# tar -xvzf apf-current.tar.gz
# rm -f apf-current.tar.gz
# cd apf-*
# ./install.shcd /etc/apf

It should have instead been:

# cd /usr/src
# wget http://rfxnetworks.com/downloads/apf-current.tar.gz
# tar -xvzf apf-current.tar.gz
# rm -f apf-current.tar.gz
# cd apf-*
# ./install.sh
# cd /etc/apf

September 24, 2011 at 2:39 AM  

Post a Comment

Subscribe to: Post Comments (Atom)