How to install APF Firewall

"Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today's Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file."
(http://rfxnetworks.com/apf.php)

How to install APF firewall
Log in to your server as root, then:
# cd /usr/src
# wget http://rfxnetworks.com/downloads/apf-current.tar.gz
# tar -xvzf apf-current.tar.gz
# rm -f apf-current.tar.gz
# cd apf-*
# ./install.sh
# cd /etc/apf

Port configuration:
Ports 2082 to 2095 are mostly used by cPanel, and port 19638 is used only by Ensim.


Edit conf.apf
# nano conf.apf

Common ingress (inbound) TCP
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,10000,35000_35999"

Common ingress (inbound) UDP
IG_UDP_CPORTS="20,21,53,1040"

Save and exit, then start APF:
# service apf start

If APF is functioning correctly, edit conf.apf again:
# nano conf.apf

Set the DEVM parameter to 0:
DEVM="0"

Now restart APF and you are done:
# service apf restart
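
A quick review of the edited conf.apf, as an added example that is not part of the original post or of APF itself: it reads DEVM and IG_TCP_CPORTS, expands the lo_hi port ranges, and reports a DEVM that is not yet 0 plus any inbound port found on a review list. The function names and the SENSITIVE_TCP list are assumptions of this example.

```shell
#!/bin/sh
# Added example: review the conf.apf settings edited on this page.
# Ports to call out if open inbound (assumption of this example):
# 21 FTP, 3306 MySQL, 10000 Webmin default.
SENSITIVE_TCP="21 3306 10000"

# Print the value of VAR="..." from FILE (last assignment wins).
apf_get() {  # usage: apf_get FILE VAR
    sed -n 's/^[[:space:]]*'"$2"'="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeed if PORT is covered by an APF list: commas, lo_hi for ranges.
apf_port_in_list() {  # usage: apf_port_in_list LIST PORT
    old_ifs=$IFS; IFS=,
    for entry in $1; do
        lo=${entry%%_*}; hi=${entry##*_}
        if [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]; then
            IFS=$old_ifs; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# Print one finding per line; no output means nothing was flagged.
apf_audit() {  # usage: apf_audit FILE
    devm=$(apf_get "$1" DEVM)
    [ "$devm" = "0" ] || echo "DEVM is '$devm', not 0"
    tcp=$(apf_get "$1" IG_TCP_CPORTS)
    for p in $SENSITIVE_TCP; do
        if apf_port_in_list "$tcp" "$p"; then echo "tcp/$p open inbound"; fi
    done
    return 0
}

# Constructed sample: the values from this page, with DEVM still at 1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVM="1"
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,10000,35000_35999"
IG_UDP_CPORTS="20,21,53,1040"
EOF
apf_audit "$sample"
rm -f "$sample"
```

On a real server, run `apf_audit /etc/apf/conf.apf` after each edit and remove from IG_TCP_CPORTS any flagged port that does not need to be reachable from the Internet.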

1 Comment:

Ausitn Coté Williams said...

When you said the following above:

# cd /usr/srcwget http://rfxnetworks.com/downloads/apf-current.tar.gz
# tar -xvzf apf-current.tar.gz
# rm -f apf-current.tar.gz
# cd apf-*
# ./install.shcd /etc/apf

It should have instead been:

# cd /usr/src
# wget http://rfxnetworks.com/downloads/apf-current.tar.gz
# tar -xvzf apf-current.tar.gz
# rm -f apf-current.tar.gz
# cd apf-*
# ./install.sh
# cd /etc/apf