Main: Info Blog Temp Mail

unix 2011-12-31 22-27-03

Install APF Firewall in Linux

Tutorial on installing APF firewall (IP tables based) in Linux.

When it comes to security, there is no such thing without firewall. when you buy a new dedicated or vps server, atleast make sure you install a firewall to protect your server from various intrusion attacks. Within minutes you can set up your firewall up and running. APF firewall is one of the popular and easy to setup IP tables based firewall for Linux servers. It also has additional features like prevention from DoS attacks.

Just follow the steps to setup and configure the firewall.

CAUTION: Be careful on setting up the firewall on what ports to open and what not. If you arent sure, you may lock yourself out

> wget
> tar -zxf apf-0.9.3.tar.gz
Now run the install shell script. Make sure you have iptables installed before you install apf firewall.

> cd apf-0.9.3
> ./
After installation, you have to manually configure your firewall settings on what ports to open and what to block. You can edit the configuration file located in /etc/apf/conf.apf

Installed paths

Configuration File: /etc/apf/conf.apf
Binary: /usr/local/sbin/apf
Start/Stop: /etc/init/d/apf (start|stop|restart)
Log: /var/log/apf_log
Antidos conf file: /etc/apf/ad/config.antidos

You can also use commands in the command line

apf -s (start)
apf -r (to restart)
apf -f (to stop)

Firewall Configuration

Now open /etc/apf/conf.apf configuration file to manually make settings.

> nano /etc/apf/conf.apf
Step 1:

Locate EGF="0" and change to EGF="1"
Locate and set USE_AD="1"
Step 2:

Locate DEVEL_MODE and its value must be DEVEL_MODE="1"
(Once you make sure that firewall is working fine, you can set this value to "0" later)

Step 3:

Here is the most important part on setting up ports. Make sure you dont lock yourself out by misquoting the port number. If you are using cpanel make sure you open 2082 and 2087 as otherwise you will not be able to login into cpanel.

For Cpanel:

Make sure you locate the following lines and change the values there.

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=" 20,21,22,25,26,53,80,110,143,443,465,993,995,2077,2078,2082,

# Common ingress (inbound) UDP ports

# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any

# Common egress (outbound) TCP ports

# Common egress (outbound) UDP ports

# Common ICMP (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any

For Plesk:

# Common ingress (inbound) TCP ports

# Common ingress (inbound) UDP ports

# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any

# Common egress (outbound) TCP ports

# Common egress (outbound) UDP ports

Step 5:

Finally set DEVEL_MODE='0'
APF Firewall for VPS Servers:

If you are running apf firewall in VPS, there is a possibility that you will get "eth0: Device not found". Instead you have to make settings in the configuration file.

Find the following lines and change the values like below.

IFACE_IN = "venet0"
IFACE_OUT = "venet0"

<port settings as above>
(The above line is important to have "1" if you are in VPS server as otherwise you will get unable to load ip tables module")

Removing APF firewall

First stop the apf

/etc/init.d/apf stop
Then, flush ip tables and remove all existing apf files even in cron job

iptables -F
rm -Rf /etc/apf
rm -Rf /usr/local/sbin/apf
rm -Rf /etc/rc.d/init.d/apf
rm -Rf /var/log/apf_log
rm -Rf /var/log/apfados_log

/sbin/chkconfig --level 345 apf off
Now remove this cron job

nano /etc/cron.daily/fw

Find and Remove this line:
/etc/rc.d/init.d/apf restart >> /dev/null 2>&1
Disclaimer: Usage of this tutorial is at your own risk. We cannot be responsible for any loss or damage incured as a result of this article. / 2024-07-14_13-42-45 UTC.