Advanced Policy Firewall (APF)

Advanced Policy Firewall (APF) is a popular firewall used on Linux servers, and installing it is simple.

The following commands will install APF on your server:

            cd /usr/local/src
            wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
            tar -zxvf apf-current.tar.gz
            cd apf-*
            ./install.sh
            

On installation, APF copies its files to the following locations:

            Install path:         /etc/apf/
            Config path:          /etc/apf/conf.apf
            Executable path:      /usr/local/sbin/apf
            AntiDos install path: /etc/apf/ad/
            AntiDos config path:  /etc/apf/ad/conf.antidos
            DShield Client Parser:  /etc/apf/extras/dshield/
            

Before you start APF, you need to configure it. By default only the SSH port is allowed in and all other ports are blocked, so you must open the ports your services require.

APF is configured by editing the configuration file /etc/apf/conf.apf:

            # vi /etc/apf/conf.apf
            

Inbound Ports

Inbound ports are opened by adding them to IG_TCP_CPORTS (TCP) or IG_UDP_CPORTS (UDP). The following values are recommended for cPanel servers.

IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3333,30000_35000"

IG_UDP_CPORTS="53,123"

Outbound Ports

EG_TCP_CPORTS="21,25,80,443,43,2089"
EG_UDP_CPORTS="20,21,53,123"

Ports

21 - FTP server
22 - SSH
25 - SMTP server
53 - DNS server (TCP and UDP)
110 - POP3 server
123 - NTP (time server)
2089 - cPanel license server
3306 - MySQL
30000_35000 - passive mode FTP

Testing APF

By default APF runs in DEVEL_MODE: when you start the firewall, the rules are flushed after 5 minutes. This way, if a firewall rule locks you out of the server, you regain access after 5 minutes.

After you have tested the firewall, make it permanent by disabling DEVEL_MODE. This is done by editing /etc/apf/conf.apf:

            FIND:
            DEVEL_MODE="1"
            REPLACE WITH:
            DEVEL_MODE="0"
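
Before switching DEVEL_MODE off it is worth checking that every port list in conf.apf is well formed, since a stray space or a malformed range in a pasted list changes what the firewall actually opens. The script below is an added example and not part of APF; it assumes only the variable names shown on this page, and the conf.apf it checks is a constructed sample, not a real server's file.

```shell
#!/bin/sh
# Added example, not part of APF: sanity-check conf.apf before switching DEVEL_MODE
# off. Assumes the key names shown on this page; the sample conf below is constructed.
# Print the value of KEY="value" from FILE (first match, empty if absent).
apf_get() {  # apf_get FILE KEY
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}
# Validate one APF port list: comma-separated ports (1-65535) or LOW_HIGH ranges.
# Whitespace is rejected: a stray space in a pasted list splits the value APF reads.
apf_check_ports() {  # apf_check_ports "21,22,30000_35000"
    list=$1
    case $list in *[[:space:]]*) echo "whitespace in port list: $list" >&2; return 1 ;; esac
    set -f; IFS=','; set -- $list; set +f; unset IFS
    for item in "$@"; do
        case $item in
            *_*) lo=${item%%_*}; hi=${item#*_} ;;
            *)   lo=$item; hi=$item ;;
        esac
        for p in "$lo" "$hi"; do
            case $p in ''|*[!0-9]*) echo "bad port in '$item'" >&2; return 1 ;; esac
            [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "out of range: '$item'" >&2; return 1; }
        done
        [ "$lo" -le "$hi" ] || { echo "inverted range: '$item'" >&2; return 1; }
    done
    return 0
}
# Check all four port lists and require DEVEL_MODE="0"; returns 0 only when
# the file is ready to be enforced permanently.
apf_ready() {  # apf_ready /etc/apf/conf.apf
    file=$1; rc=0
    for key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        apf_check_ports "$(apf_get "$file" "$key")" || { echo "$key is invalid" >&2; rc=1; }
    done
    if [ "$(apf_get "$file" DEVEL_MODE)" != "0" ]; then
        echo "DEVEL_MODE is still on: rules are flushed after 5 minutes" >&2; rc=1
    fi
    return $rc
}
# Constructed sample: the inbound list carries a stray space and DEVEL_MODE is on.
sample=$(mktemp)
cat >"$sample" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083, 2086,2087,2095,2096,3333,30000_35000"
IG_UDP_CPORTS="53,123"
EOF
apf_ready "$sample" && echo "conf.apf is ready" || echo "fix conf.apf before disabling DEVEL_MODE"
rm -f "$sample"
```

Run it against /etc/apf/conf.apf instead of the sample once your own port lists are in place; a zero exit status means the lists parse cleanly and DEVEL_MODE is already off.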
            

Using APF Firewall

            apf -s           start firewall
            apf -f           stop firewall
            apf -d IPADDR    block an IP
            

Unable to load iptables module (ipt_state), aborting.
