Add a firewall for Linux: Install and set the TDS agent

What is an ASF? <G id = "1"> Advanced Policy Firewall </G> is a software Firewall developed by Rf-x Networks in Linux. This API uses the default iptables rule in Linux. It can be regarded as one of the most famous software firewalls in Linux. Download the latest version of the apt: Wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz Decompress: Tar-xzvf apf-current.tar.gz Go to the directory: Cd apt-version Install! ./Install. sh After the installation is complete, configure the apt: Nano/etc/APL/conf. Filters Find ctrl + w) USE_DS = "0" and change it to USE_DS = "1"; find USE_AD = "0" and change it to USE_AD = "1 ″. Then configure the main part: port. The following are recommended configurations for cPanel, Ensim, and Plesk. CPanel IG_TCP_CPORTS = "20, 21, 80,110,143,443,465,993,995,208 ″ IG_UDP_CPORTS = "873 ″ GF = "1 ″ EG_TCP_CPORTS = "80,110,113,443,465,873,208, 26 ″ EG_UDP_CPORTS = "20, 21, 37,53, 873 ″ Ensim IG_TCP_CPORTS = "80,110,143,443,196, 22, 38 ″ IG_UDP_CPORTS = "53 ″ GF = "1 ″ EG_TCP_CPORTS = "80,110,443 ″ EG_UDP_CPORTS = "20, 21, 53 ″ Plesk IG_TCP_CPORTS = "20, 21, 110,143,443,465,993,995,844 ″ IG_UDP_CPORTS = "873 ″ GF = "1 ″ EG_TCP_CPORTS = "20, 21, 113,443,465,873 ″ EG_UDP_CPORTS = "53,873 ″ The general ports are listed below for your convenience: 21/tcp ftp 22/tcp ssh 25/tcp smtp 26/tcp backup smtp Port 80/tcp http 110/tcp pop3 143/tcp imap 443/tcp https 993/tcp imaps 995/tcp pop3s 3306/tcp mysql 5432/tcp ipvs 53/udp dns After the configuration is complete, save and exit, and start the apt Firewall: /Usr/local/sbin/apt-s Note that the firewall is running in debugging mode and the configuration is rewashed every five minutes. This prevents server paralysis due to incorrect configurations. After the configuration is correct, go to the configuration file nano/etc/NTFS/conf. Filters again, and change DEVM = "1" to DEVM = "0 ″. In this way, the system runs in normal mode. Restart <G id = "1"> </G> ). NOTE: If your Linux kernel directly compiles iptables instead of the module mode, change MONOKERN = "0" to MONOKERN = "1" in the configuration file ″. Optional Configuration: The new feature of the active/standby filter is to prevent DoS attacks ). The log files are stored in/var/log/apfados_log. Next we will configure the apt to send an email to the Administrator after it encounters DoS. Open the configuration file: Nano-w/etc/APL/ad/conf. antidos Find [E-Mail Alerts]. CONAME = "Your Company" is Your website or Company name. Change USR_ALERT = "0" to USR_ALERT = "0" so that the system sends an email. USR = "your@email.com" for your email address. Save and exit, and restart <G id = "1"> sup </G>/<G id = "2"> sup </G> ). In addition, if you need to enable the system to run automatically after each restart, execute the following command: Chkconfig -- level 2345 filters on To remove Automatic startup: Chkconfig -- del APL Finally, we hope everyone can successfully build an effective security barrier for their Linux systems.