How to configure APF to prevent DDoS attacks

A relatively new addition to APF is the AntiDOS feature, which can be found in /etc/apf/ad

The log file is located at /var/log/apfados_log, so make a note of it and watch it!

vi /etc/apf/ad/conf.antidos

LP_KLOG="1"
IPT_BL="1"

USR_ALERT="1"
USR="root"
ARIN_ALERT="1"

There are various settings you might want to adjust, but I'll cover the ones that alert you by email.

# [E-Mail Alerts]
Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME="Your Company"
Enter your company name or server name.

# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"
Change this to 1 to get email alerts.

# User for alerts to be mailed to
USR="[email protected]"
Enter your email address to receive the alerts.

Save your changes and quit the file

Restart the firewall:

/usr/local/sbin/apf -r
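
A check worth running on the edited file before the restart: the script below is an added example, not part of the original article or of APF. The function name check_antidos_conf is hypothetical, the sample input is constructed, and it assumes conf.antidos is read as shell-style NAME="value" assignments, so curly quotes or spaces around "=" copied from a web page would leave the alert settings ineffective.

```shell
#!/bin/sh
# Added example: lint an APF antidos config for the settings this page changes.
# Assumption: the file holds shell-style NAME="value" assignments.

# Print one finding per line for config file $1; print nothing if it is clean.
check_antidos_conf() {
    conf=$1
    # Curly quotes pasted from a web page are not shell quotes.
    if grep -q -e '“' -e '”' -e '″' "$conf"; then
        echo "typographic quotes present"
    fi
    # "NAME = value" is not an assignment in shell syntax.
    if grep -Eq '^[A-Za-z_][A-Za-z0-9_]*([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "whitespace around ="
    fi
    for name in LP_KLOG IPT_BL USR_ALERT ARIN_ALERT; do
        # The last uncommented assignment of each name is the one that counts.
        val=$(sed -n "s/^$name=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$conf" | tail -n 1)
        [ "$val" = "1" ] || echo "$name is not 1 (found: ${val:-unset})"
    done
    # Alerts need a recipient: USR must be assigned a non-empty value.
    usr=$(sed -n 's/^USR="\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$conf" | tail -n 1)
    [ -n "$usr" ] || echo "USR is empty or unset"
}

# Constructed sample: settings as they look when copied from a rendered page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
LP_KLOG=”1″
IPT_BL="1"
USR_ALERT="0"
USER = “root”
ARIN_ALERT="1"
EOF
check_antidos_conf "$sample"
rm -f "$sample"
```

On a real server, call check_antidos_conf /etc/apf/ad/conf.antidos and restart APF only once it prints nothing.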