Advanced Policy Firewall (APF) is a popular firewall for Linux servers, and installing it is simple.
The following commands will install APF on your server:
cd /usr/local/src
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -zxvf apf-current.tar.gz
cd apf-*
./install.sh
On installation, APF places its files in the following locations:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/
Before you start APF you need to configure it: by default only the SSH port is allowed inbound, all other ports are blocked, and you must open the ports your server needs.
APF is configured by editing the configuration file /etc/apf/conf.apf:
# vi /etc/apf/conf.apf
Inbound ports are opened by adding them to IG_TCP_CPORTS or IG_UDP_CPORTS, as appropriate for the protocol. The following is the recommended set of ports for cPanel servers:
21 - FTP server
22 - SSH
25 - SMTP server
53 - DNS server (TCP and UDP)
110 - POP3 server
123 - NTP (time server)
2089 - cPanel licence server
3306 - MySQL
30000_35000 - passive-mode FTP port range
By default APF works in DEVEL_MODE: when you start the firewall, the rules are flushed after 5 minutes. This way, if a firewall rule locks you out of the server, you regain access after 5 minutes.
After you have tested the firewall, make it permanent by disabling DEVEL_MODE. This is done by editing /etc/apf/conf.apf:
FIND: DEVEL_MODE="1"
REPLACE WITH: DEVEL_MODE="0"
apf -s    start firewall
apf -f    stop firewall
apf -d IPADDR    block an IP
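As an added example (not code from this guide or from APF itself), the following POSIX shell helpers read and edit the KEY="value" lines in conf.apf described above and check that the configuration is ready for production: DEVEL_MODE set to "0" and the cPanel port list present in IG_TCP_CPORTS and IG_UDP_CPORTS. The helper names are assumptions, and the script works on a constructed sample file rather than a live /etc/apf/conf.apf.

```shell
#!/bin/sh
# Added example, not from the original guide or from APF. Reads/edits
# KEY="value" lines in an APF conf.apf and checks production readiness
# (DEVEL_MODE off, cPanel ports listed). Runs on a constructed sample file.

# Print the value of a KEY="value" line (last match wins).
apf_get_var() { # file key
    sed -n "s/^$2=\"\(.*\)\"/\1/p" "$1" | tail -n 1
}

# Replace the value of an existing KEY="..." line (portable, no sed -i).
apf_set_var() { # file key value
    sed "s/^$2=\".*\"/$2=\"$3\"/" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Return 0 when every port in $3 (space separated; APF range syntax such as
# 30000_35000 is allowed) appears in the comma-separated list under key $2.
apf_check_ports() { # file key "p1 p2 ..."
    list=$(apf_get_var "$1" "$2")
    for p in $3; do
        case ",$list," in
            *",$p,"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Production readiness: DEVEL_MODE must be "0" and the cPanel ports present.
apf_ready() { # file
    [ "$(apf_get_var "$1" DEVEL_MODE)" = "0" ] || return 1
    apf_check_ports "$1" IG_TCP_CPORTS "21 22 25 53 110 2089 3306 30000_35000" || return 1
    apf_check_ports "$1" IG_UDP_CPORTS "53 123"
}

# Constructed sample of the relevant conf.apf lines as found after install.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="22"
IG_UDP_CPORTS=""
EOF

# Demo: report state before and after applying the recommended values.
apf_ready "$SAMPLE_CONF" && echo "ready" || echo "not ready: still in DEVEL_MODE"
apf_set_var "$SAMPLE_CONF" IG_TCP_CPORTS "21,22,25,53,110,2089,3306,30000_35000"
apf_set_var "$SAMPLE_CONF" IG_UDP_CPORTS "53,123"
apf_set_var "$SAMPLE_CONF" DEVEL_MODE "0"
apf_ready "$SAMPLE_CONF" && echo "ready" || echo "not ready"
```

Run it against a copy of your own conf.apf to confirm the port lists and DEVEL_MODE before issuing apf -s on a remote server.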