DDOS Prevention Tools : APF Installation

Written by Russel Boyd   
Saturday, 11 March 2006
APF, or Advanced Policy Firewall, is a policy-based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. It is packaged in tar.gz and RPM formats, which makes APF ideal for deployment in many Linux-based server environments.

Installation:

  1. Login as root to your server.
  2. Change to /usr/src:
    cd /usr/src
  3. Download the APF tar file from RFXnetworks.com:
    wget http://rfxnetworks.com/downloads/apf-current.tar.gz
  4. Extract the tar.gz file:
    tar -xvzf apf-current.tar.gz
  5. Delete the tar.gz file:
    rm -f apf-current.tar.gz
  6. Change to the directory where APF was extracted:
    cd /usr/src/apf-x.x
  7. Execute the APF installation script.
    sh ./install.sh
  8. Change to the directory /etc/apf:
    cd /etc/apf
  9. Edit the conf.apf file.
  10. Start APF:
    ./apf --start
    or
    service apf start

Typical Configuration:

Edit /etc/apf/conf.apf.

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096, 3306, 10000, 35000_35999"

NOTE: Ports 2082 to 2095 are mostly used by cPanel, and port 19638 is only used in Ensim.

# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="20,21,53,1040"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
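
An added example, not part of the original article and not APF's own code: a POSIX shell audit that reads IG_TCP_CPORTS from a conf.apf-style file without sourcing it, handles the comma and underscore-range syntax used above, and reports which administrative or database services the list opens to every source address. The WATCH list, the function names and the sample file are assumptions of this example.

```sh
#!/bin/sh
# Added example (not APF code): list sensitive services an ingress list opens.
# WATCH is this example's own assumption; adjust it to the host's services.
WATCH="21:FTP 3306:MySQL 10000:Webmin 2086:WHM 2087:WHM-SSL"

# Read one quoted variable from a conf.apf-style file without sourcing
# (executing) the file. Commented-out assignments are ignored.
apf_conf_get() {  # $1=file  $2=variable name
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Return 0 if port $1 is covered by list $2. Entries are separated by
# commas (optional spaces); LOW_HIGH is a range, e.g. 35000_35999.
apf_port_listed() {
    port=$1
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case $entry in
            *_*) lo=${entry%_*}; hi=${entry#*_}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$port" -eq "$entry" ] && return 0 ;;
        esac
    done
    return 1
}

# Print "port:service" for every watched service the list leaves open.
apf_audit() {  # $1=port list
    for item in $WATCH; do
        if apf_port_listed "${item%%:*}" "$1"; then echo "$item"; fi
    done
}

# Constructed sample file holding the ingress TCP list shown in this article.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096, 3306, 10000, 35000_35999"
EOF
apf_audit "$(apf_conf_get "$SAMPLE_CONF" IG_TCP_CPORTS)"
```

On a server, pass /etc/apf/conf.apf to apf_conf_get instead of the sample file; each line printed is a service worth removing from the list if it does not need to be reachable from every address.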


APF Usage:


usage /usr/local/sbin/apf [OPTION]
-s|--start ......................... load all firewall policies
-r|--restart ....................... stop (flush) & reload firewall rules
-f|--stop .......................... stop (flush) all firewall rules
-l|--list .......................... list chain rules
-t|--status ........................ firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
                                     immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
                                     immediately load new rule into firewall
-u|--unban HOST .................... remove host from [glob_]deny_hosts.rules
                                     and immediately remove rule from firewall
-o|--ovars ......................... output all configuration options

Related Links:

 TCP/UDP - Networking Port Numbers

 