DDOS Prevention Tools : APF Installation

Written by Russel Boyd
Saturday, 11 March 2006 00:00
APF, or Advanced Policy Firewall, is a policy-based iptables firewall system designed for ease of use and configuration. It offers a focused subset of iptables features that satisfies the veteran Linux user and the novice alike. Packaged in both tar.gz and RPM formats, APF is ideal for deployment in many Linux-based server environments.

Installation:

  1. Log in as root on your server.
  2. Change to /usr/src:
    cd /usr/src
  3. Download the current APF tarball from RFXnetworks.com:
    wget http://rfxnetworks.com/downloads/apf-current.tar.gz
  4. Extract the tar.gz file:
    tar -xvzf apf-current.tar.gz
  5. Delete the tar.gz file:
    rm -f apf-current.tar.gz
  6. Change to the directory where APF was extracted (x.x is the version number of the release you downloaded):
    cd /usr/src/apf-x.x
  7. Execute the APF installation script:
    sh ./install.sh
  8. Change to the directory /etc/apf:
    cd /etc/apf
  9. Edit the conf.apf file (see Typical Configuration below).
  10. Start APF:
    ./apf --start
    or
    service apf start

Typical Configuration:

Edit /etc/apf/conf.apf.

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,10000,35000_35999"

NOTE: ports 2082 to 2095 are mostly used by cPanel, and port 19638 is only used by Ensim. An underscore (low_high) denotes a port range.

# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="20,21,53,1040"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
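A typo in one of these port lists (a stray period, a letter, a reversed range) can leave the policy weaker than intended or stop APF from loading it. As an added example, not part of APF or of this article, the POSIX sh script below reads a port list in APF's syntax (comma-separated, with low_high ranges), validates every entry and prints the equivalent iptables --dport arguments so the result can be reviewed before the firewall is started. The function names and the demo list are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of APF): validate an APF-style port list such as
# IG_TCP_CPORTS before starting the firewall. APF's syntax is a comma-separated
# list in which "low_high" denotes a port range; iptables writes ranges as
# "low:high". A malformed entry would silently weaken or break the policy.

# valid_port N -> true if N is a decimal port number in 1..65535
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# apf_port_to_iptables LIST
# Prints one "--dport N" or "--dport low:high" line per entry.
# Returns 1 (printing nothing further) at the first invalid entry.
apf_port_to_iptables() {
    list=$(printf '%s' "$1" | tr -d ' "')   # tolerate spaces and stray quotes
    [ -n "$list" ] || return 1
    old_ifs=$IFS
    IFS=','
    for entry in $list; do
        case $entry in
            *_*)
                lo=${entry%%_*}
                hi=${entry#*_}
                if ! valid_port "$lo" || ! valid_port "$hi" || [ "$lo" -ge "$hi" ]; then
                    IFS=$old_ifs; return 1
                fi
                printf '%s\n' "--dport $lo:$hi" ;;
            *)
                if ! valid_port "$entry"; then
                    IFS=$old_ifs; return 1
                fi
                printf '%s\n' "--dport $entry" ;;
        esac
    done
    IFS=$old_ifs
}

# apf_conf_value FILE NAME -> the quoted value of NAME="..." in FILE
apf_conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Demo on a constructed ingress TCP list in the style of this article
apf_port_to_iptables '20, 21, 22, 25, 53, 80, 443, 35000_35999' \
    || echo 'IG_TCP_CPORTS contains an invalid entry' >&2
```

To check a live file, run `apf_port_to_iptables "$(apf_conf_value /etc/apf/conf.apf IG_TCP_CPORTS)"` and confirm the printed rules match what you intended to expose.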


APF Usage:


usage /usr/local/sbin/apf [OPTION]
-s|--start ......................... load all firewall policies
-r|--restart ....................... stop (flush) & reload firewall rules
-f|--stop .......................... stop (flush) all firewall rules
-l|--list .......................... list chain rules
-t|--status ........................ firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
                                     immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
                                     immediately load new rule into firewall
-u|--unban HOST .................... remove host from [glob_]deny_hosts.rules
                                     and immediately remove rule from firewall
-o|--ovars ......................... output all configuration options

Related Links:

TCP/UDP - Networking Port Numbers

Last Updated on Saturday, 11 March 2006 01:27