Add Firewall for Linux: Installation and setup of APF

What is APF?

apf:advanced Policy Firewall is a software firewall in the Linux environment produced by Rf-x Networks. APF uses the Linux system default iptables rules. APF can be considered one of the most famous software firewalls in Linux.

Download the latest version of APF:

wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

Extract:

TAR-XZVF apf-current.tar.gz

Enter the APF directory:

CD apf-version

Installation!

./install.sh

After installation, start configuring APF:

Nano/etc/apf/conf.apf

Find (Ctrl + W) use_ds= "0″, change it to use_ds=" 1″, find use_ad= "0″, and change it to use_ad=" 1″.

Then start configuring the most important part: ports.

The recommended configurations for cpanel, Ensim and Plesk are provided below.

cPanel
IG_TCP_CPORTS=”20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096″
IG_UDP_CPORTS=”21,53,873″
EGF=”1″
EG_TCP_CPORTS=”21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089″
EG_UDP_CPORTS=”20,21,37,53,873″
Ensim
IG_TCP_CPORTS=”21,22,25,53,80,110,143,443,19638″
IG_UDP_CPORTS=”53″
EGF=”1″
EG_TCP_CPORTS=”21,22,25,53,80,110,443″
EG_UDP_CPORTS=”20,21,53″
Plesk
IG_TCP_CPORTS=”20,21,22,25,53,80,110,143,443,465,993,995,8443″
IG_UDP_CPORTS=”37,53,873″
EGF=”1″
EG_TCP_CPORTS=”20,21,22,25,53,37,43,80,113,443,465,873″
EG_UDP_CPORTS=”53,873″

The following is a list of common ports for easy configuration:

21/tcp ftp
22/tcp ssh
25/tcp smtp
26/tcp 备用smtp端口
80/tcp http
110/tcp pop3
143/tcp imap
443/tcp https
993/tcp imaps
995/tcp pop3s
3306/tcp mysql
5432/tcp postgres
53/udp dns

Save exit after configuration is complete and start APF firewall:

/usr/local/sbin/apf-s

Note that at this point the firewall is running in debug mode, and the configuration is again washed every five minutes. This prevents the server from being paralyzed by the wrong configuration.

After making sure that the configuration is correct, enter the configuration file (NANO/ETC/APF/CONF.APF) again and change the devm= "1″ to Devm=" 0″. This way, the APF will run in normal mode.

Reboot APF (/usr/local/sbin/apf-s).

Note: If your Linux kernel will iptables direct compilation rather than module mode, change the monokern= "0″ in the configuration file to Monokern=" 1″.

Optional configuration:

A new feature of APF is to prevent Dos attacks (/ETC/APF/AD). Its log file is saved in/var/log/apfados_log.

Here we will configure APF to send an email to the administrator after it encounters a DOS.

To open a configuration file:

Nano-w/etc/apf/ad/conf.antidos

Find [e-mail Alerts].

Coname= "Your Company" is your website or corporate name.

Change the usr_alert= "0″ to Usr_alert=" 0″, which causes the system to send e-mail.

Usr= "your@email.com" for your email address.

Save and exit, reboot APF (/USR/LOCAL/SBIN/APF-R).

Also, if you need to automatically run APF after each reboot of the system, execute the following command:

Chkconfig--level 2345 APF on

Need to remove automatic startup words:

Chkconfig--del APF

Finally, I hope everyone can successfully set up an effective security barrier for their Linux.