How to install APF (Advanced Policy Firewall) on a Linux server

“Advanced Policy Firewall (APF) is an IPTables(Netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.”

Change to the directory where source tarballs are kept (the whole procedure runs as root):

cd /usr/local/src

Download the current APF tarball. This fetches it over plain HTTP with no integrity check, so compare the archive against whatever checksum or signature the vendor publishes before running its installer as root.

wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

Extract it.

tar -zxf apf-current.tar.gz

Change into the extracted directory (use the actual directory name if the archive unpacks under a versioned name rather than plain apf):

cd apf

Run the installer:

./install.sh

It prints output like the following:

Installing APF 0.9.5-1: Completed.

Installation Details:
Install path:         /etc/apf/
Config path:          /etc/apf/conf.apf
Executable path:      /usr/local/sbin/apf

Edit the main configuration file to suit the server. Port lists are comma-separated, and a range is written as LOW_HIGH (for example 3000_3500):

vi /etc/apf/conf.apf

For Plesk:

# Common ingress (inbound) TCP ports (8443 = Plesk panel)
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="37,53,873"

# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports (5224 = Plesk licence check)
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="53,873"

For cPanel:

# Common ingress (inbound) TCP ports (2082/2083 = cPanel, 2086/2087 = WHM,
# 2095/2096 = webmail, 3000_3500 = passive port range for Pure-FTPd).
# Write the list without spaces: APF splits it on commas only.
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports (2089 = cPanel licence check)
EG_TCP_CPORTS="21,25,80,443,43,2089"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

For Ensim:

# Common ingress (inbound) TCP ports (19638 = Ensim control panel)
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Save the file and restart APF. With EGF="1" every outbound connection that is not on the egress lists is dropped, so after the restart confirm that DNS lookups, package updates and outbound mail still work from the box, and add anything else the server needs (for example 123/udp if it runs an NTP client):

apf -r

If you can still reach the server afterwards (the default DEVEL_MODE="1" makes APF install a cron job that flushes the rules every five minutes, so a bad rule set cannot lock you out for long), edit conf.apf again and turn development mode off. The line should read:

DEVEL_MODE="0"

Reload APF once more:

apf -r
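The configuration edits above, as an added shell example that is not APF's own code nor part of the original article: it validates a port list the way APF expects it (comma-separated, ranges as LOW_HIGH, no spaces) before writing it into conf.apf, keeps a backup, refuses to write a key the file does not contain, and then flips DEVEL_MODE. The function names are this example's own, and the conf.apf fragment it operates on is constructed here rather than taken from a real installation, so it runs offline.

```shell
#!/bin/sh
# Added example, not part of APF or the original article: edit the port lists
# in conf.apf safely before restarting the firewall. Assumes APF's KEY="value"
# line format; the function names are this example's own, and the sample
# conf.apf content below is constructed, not a real installation's file.

# validate_port_list LIST
# Returns 0 when LIST is a comma-separated set of ports (1-65535) or LOW_HIGH
# ranges with LOW < HIGH, the only forms APF accepts. Spaces, empty items and
# stray characters return 1: APF splits the value on commas only, so a pasted
# "2083, 2086" would otherwise yield the bogus item " 2086".
validate_port_list() {
    list=$1
    [ -n "$list" ] || return 1
    case "$list" in
        *[!0-9,_]*|,*|*,|*,,*) return 1 ;;
    esac
    for item in $(printf '%s' "$list" | tr ',' ' '); do
        case "$item" in
            *_*_*) return 1 ;;
            *_*)
                lo=${item%_*}; hi=${item#*_}
                [ -n "$lo" ] && [ -n "$hi" ] || return 1
                [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -lt "$hi" ] || return 1 ;;
            *)
                [ "$item" -ge 1 ] && [ "$item" -le 65535 ] || return 1 ;;
        esac
    done
    return 0
}

# apf_set_option CONF KEY VALUE
# Rewrites the KEY="..." line in CONF, keeping a copy in CONF.bak. Refuses to
# touch a file that has no KEY= line, so a misspelled key cannot silently
# append an option that APF will never read.
apf_set_option() {
    conf=$1; key=$2; value=$3
    grep -q "^${key}=" "$conf" || return 1
    cp "$conf" "$conf.bak"
    sed "s|^${key}=.*|${key}=\"${value}\"|" "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# apf_set_ports CONF KEY LIST: validate first, then write.
apf_set_ports() {
    validate_port_list "$3" || { echo "rejected $2=\"$3\": not a valid APF port list" >&2; return 1; }
    apf_set_option "$1" "$2" "$3"
}

# get_option CONF KEY: print the unquoted value of KEY.
get_option() {
    sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1"
}

# make_sample_conf: write a constructed fragment mirroring a stock conf.apf
# (DEVEL_MODE on, only SSH open, egress filtering off) and print its path.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="22"
IG_UDP_CPORTS=""
EGF="0"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"
EOF
    echo "$f"
}

# Demonstration: apply the cPanel lists from the article, then turn
# DEVEL_MODE off (on a real server only after confirming SSH still works).
conf=$(make_sample_conf)
apf_set_ports "$conf" IG_TCP_CPORTS "21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
apf_set_ports "$conf" IG_UDP_CPORTS "53"
apf_set_option "$conf" EGF "1"
apf_set_option "$conf" DEVEL_MODE "0"
# A pasted list with embedded spaces is rejected and the file is left unchanged.
if apf_set_ports "$conf" EG_TCP_CPORTS "21,25,80,443, 2089"; then
    echo "BUG: invalid list accepted" >&2
fi
cat "$conf"
rm -f "$conf" "$conf.bak"
```

Run the script against a copy of /etc/apf/conf.apf first, diff the result against the backup, and only then copy it into place and run apf -r; the validation step is what catches the stray spaces that a copy-and-paste from a web page tends to introduce.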

To start APF at boot on a SysV init system (where chkconfig manages the runlevels), run:

chkconfig --level 2345 apf on

To remove it from the boot sequence again:

chkconfig --del apf


Because of DEVEL_MODE, the first start is done by hand:

/usr/local/sbin/apf -s

The apf command accepts the following options (the long forms are equivalent):

-s | --start – start APF (load all firewall rules)
-r | --restart – restart APF (flush and reload the rules)
-f | --stop – stop APF (flush all rules)
-l | --list – list the loaded firewall rules
-st | --status – show APF status
-a host | --allow host – allow connections from "host" (added to /etc/apf/allow_hosts.rules and loaded immediately)
-d host | --deny host – deny connections from "host" (added to /etc/apf/deny_hosts.rules and loaded immediately)
-u host | --remove host – remove "host" from the allow/deny rules files and from the running firewall