How to install APF (Advanced Policy Firewall) firewall on Linux server
“Advanced Policy Firewall (APF) is an IPTables(Netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.”
Go to the download folder.
cd /usr/local/src
Download the apf tar file.
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
Untar the file.
tar -zxf apf-current.tar.gz
Go to the apf folder.
cd apf
Now run the command below to install APF on the server.
./install.sh
It will print output like the following.
Installing APF 0.9.5-1: Completed.
Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
Edit the APF configuration file as needed.
vi /etc/apf/conf.apf
For Plesk panel
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
IG_UDP_CPORTS="37,53,873"
EGF="1"
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
EG_UDP_CPORTS="53,873"
For cPanel only
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports - 3000_3500 is the passive port range for Pure-FTPd
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
For Ensim only
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
Save the file and restart APF with the following command:
apf -r
If everything works, edit conf.apf again and turn development mode off. The line should look like this:
DEVEL_MODE="0"
Reload APF once more with the command below.
apf -r
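Before the final reload it is worth checking conf.apf for the two mistakes that bite most often: a typo in a port list, and a DEVEL_MODE left on (APF's development mode flushes the rules again from cron a few minutes later). A reload with an inbound TCP list that omits the SSH port also cuts off the session doing the reload. The POSIX shell script below is an added example, not part of APF or of this guide; it assumes the conf.apf variable names shown above (IG_TCP_CPORTS, IG_UDP_CPORTS, EG_TCP_CPORTS, EG_UDP_CPORTS, EGF, DEVEL_MODE) and APF's low_high notation for port ranges, and the SSH_PORT override is the script's own assumption. The sample conf.apf fragment it checks is constructed from the Plesk values on this page.

```shell
#!/bin/sh
# Pre-flight check for /etc/apf/conf.apf before "apf -r".
# Added example, not part of APF. Assumes the conf.apf variable names
# IG_TCP_CPORTS, IG_UDP_CPORTS, EG_TCP_CPORTS, EG_UDP_CPORTS, EGF and
# DEVEL_MODE, and APF's low_high notation for port ranges.
# SSH_PORT is this script's own optional override (default 22).

# get_var FILE NAME -> prints the value of NAME="..." with quotes stripped
get_var() {
    grep "^$2=" "$1" 2>/dev/null | head -n 1 | cut -d= -f2- | tr -d '"'
}

# valid_ports LIST -> 0 if every comma-separated item is a port in 1..65535
# or a low_high range with low <= high; 1 otherwise (an empty list fails).
# Subshell body so the IFS and globbing changes stay local.
valid_ports() (
    list=$1
    [ -n "$list" ] || return 1
    set -f; IFS=,
    set -- $list
    for item in "$@"; do
        item=$(printf '%s' "$item" | tr -d ' ')
        case $item in
            *_*) lo=${item%_*}; hi=${item#*_} ;;
            *)   lo=$item; hi=$item ;;
        esac
        for n in "$lo" "$hi"; do
            case $n in ''|*[!0-9]*) return 1 ;; esac
            [ "$n" -ge 1 ] && [ "$n" -le 65535 ] || return 1
        done
        [ "$lo" -le "$hi" ] || return 1
    done
    return 0
)

# has_port LIST PORT -> 0 if PORT is listed directly or inside a low_high range
has_port() (
    list=$1; want=$2
    set -f; IFS=,
    set -- $list
    for item in "$@"; do
        item=$(printf '%s' "$item" | tr -d ' ')
        case $item in
            *_*) [ "$want" -ge "${item%_*}" ] && [ "$want" -le "${item#*_}" ] && return 0 ;;
            *)   [ "$item" = "$want" ] && return 0 ;;
        esac
    done
    return 1
)

# check_apf_conf FILE -> 0 when FILE is safe to load with "apf -r", 1 otherwise.
# Reports unparsable port lists, DEVEL_MODE still on, and an inbound TCP
# list that would lock out the SSH session doing the reload.
check_apf_conf() {
    conf=$1; ssh=${SSH_PORT:-22}; rc=0
    for name in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        # egress lists only matter when egress filtering (EGF) is enabled
        case $name in EG_*) [ "$(get_var "$conf" EGF)" = "1" ] || continue ;; esac
        val=$(get_var "$conf" "$name")
        if ! valid_ports "$val"; then
            echo "bad port list: $name=\"$val\"" >&2; rc=1
        fi
    done
    if [ "$(get_var "$conf" DEVEL_MODE)" != "0" ]; then
        echo "DEVEL_MODE is not 0: cron will flush the rules again" >&2; rc=1
    fi
    if ! has_port "$(get_var "$conf" IG_TCP_CPORTS)" "$ssh"; then
        echo "SSH port $ssh is not in IG_TCP_CPORTS: reload would lock you out" >&2; rc=1
    fi
    return $rc
}

# Demo on a constructed conf.apf fragment (Plesk values from the guide,
# not a real server's file)
demo=$(mktemp)
cat >"$demo" <<'EOF'
DEVEL_MODE="0"
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
IG_UDP_CPORTS="37,53,873"
EGF="1"
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
EG_UDP_CPORTS="53,873"
EOF
if check_apf_conf "$demo"; then echo "conf.apf looks safe to reload"; fi
rm -f "$demo"
```

To check the live file, replace the demo section with `check_apf_conf /etc/apf/conf.apf` and, if sshd listens on a non-default port, run it as `SSH_PORT=2222 sh apf-check.sh`. A non-zero exit means fix the reported line before running `apf -r`.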
To start APF automatically on reboot, run this:
chkconfig --level 2345 apf on
To remove it from autostart, run this:
chkconfig --del apf
With the DEVEL_MODE setting in mind, start APF like this:
/usr/local/sbin/apf -s
The apf command accepts the following parameters:
-s – start APF
-r – restart APF
-f – stop APF
-l – list statistics
-st – status of APF
-a host – allow connections from "host"
-d host – deny connections from "host"