Add a firewall for Linux: Install and configure APF

Source: Internet
Author: User
Tags cpanel plesk
This article covers adding a firewall to a Linux server by installing and configuring APF. What is APF?

APF (Advanced Policy Firewall) is a software firewall for Linux developed by R-fx Networks. APF is built on iptables, which Linux provides by default. It can be regarded as one of the best-known software firewalls for Linux.

Download the latest version of APF:

wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

Decompress:

tar -xzvf apf-current.tar.gz

Go to the directory:

cd apf-version

Install:

./install.sh

After the installation is complete, configure APF:

nano /etc/apf/conf.apf

Search (Ctrl+W) for USE_DS="0" and change it to USE_DS="1"; then find USE_AD="0" and change it to USE_AD="1".

Then configure the main part: the ports.

The following are recommended configurations for cPanel, Ensim, and Plesk.

cPanel
IG_TCP_CPORTS="20,21,80,110,143,443,465,993,995,208"
IG_UDP_CPORTS="873"

EGF="1"
EG_TCP_CPORTS="80,110,113,443,465,873,208,26"
EG_UDP_CPORTS="20,21,37,53,873"


Ensim
IG_TCP_CPORTS="80,110,143,443,196,22,38"
IG_UDP_CPORTS="53"

EGF="1"
EG_TCP_CPORTS="80,110,443"
EG_UDP_CPORTS="20,21,53"

Plesk
IG_TCP_CPORTS="20,21,110,143,443,465,993,995,844"
IG_UDP_CPORTS="873"

EGF="1"
EG_TCP_CPORTS="20,21,113,443,465,873"
EG_UDP_CPORTS="53,873"

The general ports are listed below for your convenience:

21/tcp ftp
22/tcp ssh
25/tcp smtp
26/tcp backup smtp port
80/tcp http
110/tcp pop3
143/tcp imap
443/tcp https
993/tcp imaps
995/tcp pop3s
3306/tcp mysql
5432/tcp ipvs
53/udp dns

After the configuration is complete, save and exit, then start the APF firewall:

/usr/local/sbin/apf -s

Note that the firewall is now running in debugging mode, in which the firewall rules are flushed every five minutes. This keeps an incorrect configuration from leaving the server unreachable.

Once you have confirmed that the configuration is correct, open the configuration file (nano /etc/apf/conf.apf) and change DEVM="1" to DEVM="0". The firewall then runs in normal mode.

Restart APF (with the /usr/local/sbin/apf -s command).

NOTE: If iptables support is compiled directly into your Linux kernel rather than built as modules, change MONOKERN="0" to MONOKERN="1" in the configuration file.
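
A quick way to confirm that the settings changed in the steps above actually took effect before relying on the firewall. This is an added example, not part of APF or of the original article; it assumes the config lives at /etc/apf/conf.apf, that EGF is the egress-filtering switch, and the rule about database ports is an assumed policy.

```shell
#!/bin/sh
# Added example (not part of APF): check a conf.apf for the settings this guide changes.
# Values are read with sed instead of sourcing the file, so nothing in it is executed.

# get_var FILE NAME: print the value of the last uncommented NAME="value" line.
get_var() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# audit_apf_conf FILE: print one WARN line per finding; return the number of findings.
audit_apf_conf() {
    conf=$1
    findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }

    [ "$(get_var "$conf" DEVM)" = "0" ] || warn "DEVM is not 0: rules are still flushed every five minutes"
    [ "$(get_var "$conf" EGF)" = "1" ] || warn "EGF is not 1: egress filtering is off"
    [ "$(get_var "$conf" USE_AD)" = "1" ] || warn "USE_AD is not 1: antidos is off"

    # Assumed policy: database ports should not be open to every source address.
    for port in $(get_var "$conf" IG_TCP_CPORTS | tr ',' ' '); do
        case $port in
            3306|5432) warn "inbound tcp/$port is open to all sources" ;;
        esac
    done
    return "$findings"
}

# write_sample FILE: constructed sample config, not taken from a real server.
write_sample() {
    cat > "$1" <<'EOF'
# DEVM="0"
DEVM="1"
EGF="1"
USE_AD="0"
IG_TCP_CPORTS="22,80,443,3306"
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
audit_apf_conf "$sample" || echo "$? finding(s) in $sample"
rm -f "$sample"
```

On a real server, call audit_apf_conf /etc/apf/conf.apf after each configuration change; a non-zero return means at least one setting is still at its unsafe value.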

Optional configuration:
A newer feature of APF is antidos (/etc/apf/ad/), which helps prevent DoS attacks. Its log file is stored at /var/log/apfados_log.

Next we will configure APF to send an email to the administrator when it detects a DoS attack.

Open the configuration file:

nano -w /etc/apf/ad/conf.antidos

Find the [E-Mail Alerts] section.

CONAME="Your Company": set this to your website or company name.

Change USR_ALERT="0" to USR_ALERT="1" so that the system sends an email.

USR="your@email.com": set this to your email address.

Save and exit, then restart APF with the /usr/local/sbin/apf command.

In addition, if you need to enable the system to run automatically after each restart, execute the following command:

chkconfig --level 2345 apf on

To remove automatic startup:

chkconfig --del apf

Finally, I would like to thank R-fx Networks for bringing you an excellent software firewall. We also hope that everyone can smoothly build an effective security barrier for their Linux systems.