Web Hosting Help and Information

Install APF (Advanced Policy Firewall)

Learn Web Hosting Help and Information on mps-web-hosting.com. Install APF (Advanced Policy Firewall) article will help answer your questions on Web Hosting Help and Information.We at mps-web-hosting.com specialize in Web Hosting Help and Information. Web Hosting Help and Information at mps-web-hosting.com provides the most up to date news and articles. If you have questions please do not hesitate to contact us.

Summary of features: - global ports configurtion via simple config file - configurable policies for each ip on the system [global config overrides] - powerfull postrouting rules for FWMARK and TOS - plug-in friendly for QoS [CBQ/HTB] - antidos subsystem to stop attacks before they become a significant threat - dshield.org block list support to ban networks exhibiting suspicious activity - advanced set of sysctl parameters for TCP stack hardening - advanced set of filter rules to remove undesired traffic - easy to use firewall managment script - trust based rule files (allow/deny); with advanced syntax support

1. Login to your server via SSH as root.

2. Make /usr/src the current working directory. Type: cd /usr/src

3. Obtain the most curent verison of APF. Type: wget http://rfxnetworks.com/downloads/apf-current.tar.gz

4. Expand the APF tar.gz file. Type: tar -xvzf apf-current.tar.gz

5. Remove the tar.gz file. Type: rm -f apf-current.tar.gz

6. Locate the APF directory. Type: ls -la Look for a directory named apf-#.#/ where #.# represents the version of APF being installed (APF version 0.8.7 would be in a directory apf-0.8.7/ and version 0.9 would be in a directory named apf-0.9).

7. Make the APF directory the current working directory. Use the directory name you located in step 5. Note that the numbers will change as new versions are released. Type: cd apf-0.9

8. Run the APF install. Type: sh ./install.sh

9. Make /etc/apf the current working directory. Type: cd /etc/apf

10. Edit the conf.apf file as desired. Type: pico -w conf.apf

In order for this firewall to work properly you have to edit/add/delete ports. These ports will allow services such as mail, ftp, and ssh to come in and out of the server. If you have changed any ports, please modify them below and add/remove as needed.

# Common ingress (inbound) TCP ports IG_TCP_CPORTS='20,21,22,25,53,80,110,143,443,465, 993,995,2082,2083,2086,2087,2095,2096,3306, 10000,35000_35999' Please note that ports 2082 to port 2095 is mostly used by cpanel, and port 19638 is only use in ensim.

# Common ingress (inbound) UDP ports IG_UDP_CPORTS='20,21,53,1040'

10. After you have finished editing the ports save the file and test APF. CTRL-X, Y to save enter to confirm

11. Start APF. Type: ./apf --start or Type: service apf start

12. If APF is functioning properly and you are not locked out edit the conf.apf again Type: pico -w conf.apf

13. Set the DEVM parameter to 0 DEVM='0'

14. Once done Exit and save the file. CTRL-X, Y to save enter to confirm

15. Restart APF Type: service apf restart

Enabling connections for server monitoring. Some service providers that offer monitoring need access to your server, and access without setting off alarms, firewalls etc. is a good thing. Just becareful which IP(s) you put in here.

1. To allow connections from xx.xx.xx.xx/24 Type: pico -w /etc/apf/allow_hosts.rules

2. At the very end of the file add this line xx.xx.xx.xx/24 Of course replace the xx.xx.xx.xx with the IP address provided to you.

Original: http://www.ukwebmasterforums.com/t4910-install-apf-advanced-policy-firewall.html

Web Hosting UK (http://www.session9.co.uk/ )

Webmaster Forums ( http://www.ukwebmasterforums.com/ )

Web Hosting Affiliate ( http://www.session9.co.uk/web-hosting-affiliate/ )

Domain Reseller ( http://www.domainvendor.co.uk/ )

More Articles: