unix 2011-12-31 22-28-19
Setup & Configure APF Firewall
APF is a very good firewall for a server. It lets you open and block ports. Your server may be at high risk if unwanted ports are left open, and APF is a handy tool for system administrators.
There are many options available to tweak APF, but we will go through the basics. Copy and paste the following lines on your Linux server :-
cd /usr/local/src
wget http://eukhost.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-0.*
./install.sh
Now edit the config file with the following command :-
pico /etc/apf/conf.apf
Scroll down to the "Common ingress (inbound) TCP ports" section. Choose the correct configuration for your control panel from the following 3 available options :-
=-=-=-=-=cPanel =-=-=-=-=
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,873"
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,37,53,873"
=-=-=-=-=Ensim =-=-=-=-=
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,22,25,53,80,110,443"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
=-=-=-=-=Plesk =-=-=-=-=
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="37,53,873"
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="53,873"
Save the file and restart APF with the following command :-
apf -r
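If everything goes fine, edit the conf.apf file again and turn development mode off. While DEVEL_MODE is set to 1, a cron job stops the firewall every 5 minutes, so the rules do not stay in place until it is set to 0. The setting should look like the following :-
DEVEL_MODE="0"
Reload APF once again with the apf -r command.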
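
A pre-flight check for the edited conf.apf, to run before apf -r. This is an added example, not part of the original article or of APF. It catches typographic quotes pasted from a web page, port lists that are not in KEY="..." form, and an inbound TCP list that omits the SSH port. The function names and the default SSH port of 22 are assumptions.

```shell
# Added example (not part of APF): check a conf.apf-style file before `apf -r`.

# Print the value of KEY ($2) in FILE ($1). Only KEY="..." with plain ASCII
# double quotes is recognised; the last assignment wins.
apf_get() {
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Succeed if a KEY=value line holds bytes outside plain ASCII, such as the
# typographic quotes a web page can substitute for ".
apf_has_non_ascii() {
    n=$(grep '^[[:space:]]*[A-Z_][A-Z0-9_]*=' "$1" |
        LC_ALL=C tr -d '\11\12\15\40-\176' | wc -c)
    [ "$n" -gt 0 ]
}

# Succeed if PORT ($3) is an exact entry in the comma-separated list KEY ($2).
apf_port_listed() {
    case ",$(apf_get "$1" "$2")," in *",$3,"*) return 0 ;; esac
    return 1
}

# Print findings for FILE ($1); exit status is the number of FAIL lines.
# The SSH port ($2) defaults to 22, an assumption about the server.
apf_preflight() {
    f=$1; ssh_port=${2:-22}; bad=0
    if apf_has_non_ascii "$f"; then
        echo "FAIL: non-ASCII bytes in an assignment (typographic quotes?)"
        bad=$((bad + 1))
    fi
    for k in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        [ -n "$(apf_get "$f" "$k")" ] && continue
        echo "FAIL: $k is missing or not in KEY=\"...\" form"; bad=$((bad + 1))
    done
    if ! apf_port_listed "$f" IG_TCP_CPORTS "$ssh_port"; then
        echo "FAIL: SSH port $ssh_port is not in IG_TCP_CPORTS"; bad=$((bad + 1))
    fi
    [ "$(apf_get "$f" DEVEL_MODE)" = 0 ] || echo "NOTE: DEVEL_MODE is not \"0\" yet"
    return "$bad"
}

# Constructed demo: the Ensim lists, with one line damaged by pasted quotes.
apf_demo() {
    d=$(mktemp -d) || return 99
    printf '%s\n' 'DEVEL_MODE="1"' 'IG_UDP_CPORTS="53"' 'EG_UDP_CPORTS="20,21,53"' \
        'EG_TCP_CPORTS="21,22,25,53,80,110,443"' > "$d/conf.apf"
    printf 'IG_TCP_CPORTS=\342\200\23521,22,25,53,80,110,143,443,19638\342\200\263\n' >> "$d/conf.apf"
    apf_preflight "$d/conf.apf"; rc=$?; rm -rf "$d"; return "$rc"
}
```

After sourcing these functions, `apf_preflight /etc/apf/conf.apf && apf -r` reloads the firewall only when no FAIL line was printed; pass the real SSH port as a second argument if it is not 22.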