ewdi
2004-06-14, 03:46 AM CDT
Here is how to install and configure APF firewall (My Favorite firewall and popular among server admins) :p
Website : http://www.rfxnetworks.com/apf.php
1. Grab latest APF package
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
2. Extract It
tar -xvzf apf-current.tar.gz
3. Go to the extracted folder
cd apf-version/ (replace version with the version number - try ls if you don't know it)
4. Installing it
./install.sh
You should see this:
APF installed
Install path: /etc/apf
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
5. Configure your firewall settings. In this case I use pico (my fav); you can use others such as vi or nano.
pico /etc/apf/conf.apf
Follow the instructions in the config file.
Sample port config from our server
Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
Remember to change DEVM="1" to 0 once your firewall is working. If it is set to 1, it will flush your firewall rules so you won't get locked out from outside (if this is a remote server).
Start your firewall with
/usr/local/sbin/apf -s
To autostart apf on reboot, run this:
chkconfig --level 2345 apf on
Hope this how-to helps :)
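
Added example, not part of the original post or of APF itself: a shell pre-flight check for the step 5 settings. It reads conf.apf, confirms the port you log in on is covered by IG_TCP_CPORTS (single ports or low_high ranges such as 3000_3500), and flags DEVM still being on. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of APF: sanity-check conf.apf before running "apf -s".

# Constructed sample: the post's port lists plus the 3000_3500 FTP range.
sample_conf() {
    cat <<'EOF'
DEVM="1"
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,3000_3500"
IG_UDP_CPORTS="53"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"
EOF
}

# conf_get FILE KEY: print the value of KEY="value" (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# port_in_list PORT LIST: succeed if PORT is listed singly or inside a low_high range.
port_in_list() {
    old_ifs=$IFS; IFS=,
    set -- "$1" $2                 # split LIST on commas into $2, $3, ...
    IFS=$old_ifs
    port=$1; shift
    for item in "$@"; do
        case $item in
            *_*) [ "$port" -ge "${item%%_*}" ] && [ "$port" -le "${item##*_}" ] && return 0 ;;
            *)   [ "$item" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# preflight FILE [ADMIN_PORT]: return 0 only if nothing below is flagged.
preflight() {
    conf=$1; admin_port=${2:-22}; rc=0
    [ "$(conf_get "$conf" DEVM)" = "0" ] ||
        { echo "WARN: DEVM is not 0; set it to 0 once the rules are verified"; rc=1; }
    port_in_list "$admin_port" "$(conf_get "$conf" IG_TCP_CPORTS)" ||
        { echo "FAIL: tcp/$admin_port missing from IG_TCP_CPORTS (remote lockout risk)"; rc=1; }
    port_in_list 53 "$(conf_get "$conf" EG_UDP_CPORTS)" ||
        { echo "WARN: udp/53 missing from EG_UDP_CPORTS (outbound DNS)"; rc=1; }
    return $rc
}

# Demo on the constructed sample; for real use pass /etc/apf/conf.apf instead.
demo=$(mktemp); sample_conf > "$demo"
preflight "$demo" 22 || echo "fix the items above before relying on the firewall"
rm -f "$demo"
```

If SSH listens on a non-default port, pass it as the second argument, for example `preflight /etc/apf/conf.apf 2222`.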