The Advanced Policy Firewall (APF) is a software firewall for Linux produced by R-fx Networks. It is used by many Linux server administrators: it is built on iptables rules, yet it is easy to understand and use. It suits users who are not very familiar with iptables, because it is simple to install and configure while still being very powerful.

1. Download and install

Linux code:

    root@linux:/home/zhangy# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
    root@linux:/home/zhangy# tar -xvzf apf-current.tar.gz
    root@linux:/home/zhangy# cd apf-9.7-1
    root@linux:/home/zhangy/apf-9.7-1# ./install.sh

On success the installer prints:

    root@linux:/home/zhangy/apf-9.7-1# ./install.sh
    Installing APF 9.7-1: Completed.

    Installation Details:
      Install path: /etc/apf/
      Config path:  /etc/apf/conf.

    Note: These ports are not auto-configured; they are simply presented for
    information purposes. You must manually configure all port options.

2. Configure APF

Edit the configuration file:

    vim /etc/apf/conf.

Settings to change (IG_ = ingress/inbound, EG_ = egress/outbound):

    IG_TCP_CPORTS="80,443,330,"          # inbound TCP ports
    IG_UDP_CPORTS="53"                   # inbound UDP ports
    EG_TCP_CPORTS="225-,80,443,43,2089"  # outbound TCP ports
    EG_UDP_CPORTS="20,21,53"             # outbound UDP ports
    DEVEL_MODE="1"                       # change to DEVEL_MODE="0" so the server can be reached from outside
    DLIST_SPAMHAUS="0"                   # change to DLIST_SPAMHAUS="1"
    DLIST_DSHIELD="0"                    # change to DLIST_DSHIELD="1"

Points to note during configuration:

1. Open different ports depending on the server's role; the ports opened on a web server and on a MySQL server must differ.
2. DEVEL_MODE="1" is debugging mode: the configuration is reloaded every five minutes, so an incorrect configuration cannot take the server offline for long.
3. Allow only 192.168.1.139 to connect remotely to port 22.

Add the following to /etc/apf/allow_hosts.rules:

Linux code:

    tcp:in:d=22:s=192.168.1.139
    out:d=22:d=192.168.1.139

Add the following to /etc/apf/deny_hosts.rules:

Linux code:

    tcp:in:d=22:s=0/0
    out:d=22:d=0/0

At the beginning I thought I only needed to add the rules to allow_hosts.rules. After I changed them, I switched to a different IP address and could still connect, which left me speechless. After adding the rules above to deny_hosts.rules, the connection timed out. When the rules are added to both allow_hosts.rules and deny_hosts.rules, restarting apf prints a message that the configuration succeeded:

Linux code:

    apf(12234): {trust} allow outbound 192.168.1.139 to port 22
    apf(12234): {trust} allow inbound tcp 192.168.1.139 to port 22

3. Common commands

Linux code:

    apf -u <ip or ip range>    # remove an IP address or address range from the whitelist

4. Common port list

Linux code:

    21/tcp     # ftp
    22/tcp     # ssh
    25/tcp     # smtp
    53/udp     # dns
    80/tcp     # http
    110/tcp    # pop3
    143/tcp    # imap
    443/tcp    # https
    993/tcp    # imaps
    995/tcp    # pop3s
    3306/tcp   # mysql
    5432/tcp   # postgresql
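The port lists in section 2 and the allow_hosts/deny_hosts rule lines in section 3 are the two places where a typo quietly leaves a service unreachable or exposed, and DEVEL_MODE only hides such a mistake for five minutes at a time. The following shell script is an added example, not code from the original article or from R-fx Networks' APF: it reads a conf.apf-style KEY="value" file, checks that DEVEL_MODE is off, validates each port list, and describes a rule line in plain words so it can be reviewed before it is loaded. The configuration contents are constructed for the example, and the LOW_HIGH notation for port ranges is an assumption about APF's list format.

```shell
#!/bin/sh
# Added example: a pre-flight check for an APF configuration. Not part of
# the original article or of APF itself. The config file it creates is
# constructed for this example; LOW_HIGH port ranges are assumed to match APF.

# Print the value of KEY="value" from an APF-style config file (last match wins).
apf_get() {
    sed -n "s/^[[:space:]]*$1=\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Return 0 only when DEVEL_MODE is "0". With DEVEL_MODE="1" APF flushes its
# rules every five minutes, so nothing is really protected for long.
apf_devel_off() {
    [ "$(apf_get DEVEL_MODE "$1")" = "0" ]
}

# Return 0 if every entry of a comma-separated port list is a port in
# 1-65535 or a LOW_HIGH range with LOW <= HIGH; spaces are tolerated.
apf_check_ports() {
    list=$(printf '%s' "$1" | tr -d ' ')
    case "$list" in ''|*,|,*|*,,*) return 1 ;; esac   # empty list or stray comma
    for entry in $(printf '%s' "$list" | tr ',' ' '); do
        case "$entry" in
            *_*) lo=${entry%%_*}; hi=${entry#*_} ;;
            *)   lo=$entry;        hi=$entry ;;
        esac
        for p in "$lo" "$hi"; do
            case "$p" in ''|*[!0-9]*) return 1 ;; esac   # not a plain number
            [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
        done
        [ "$lo" -le "$hi" ] || return 1
    done
    return 0
}

# Describe a rule such as "tcp:in:d=22:s=192.168.1.139" or
# "out:d=22:d=192.168.1.139" in plain words. A d= value containing a dot or
# slash is taken as a host, otherwise as a port. Returns 1 on a bad rule.
apf_rule_describe() {
    proto=any; dir=''; port=''; host=''
    for field in $(printf '%s' "$1" | tr ':' ' '); do
        case "$field" in
            tcp|udp) proto=$field ;;
            in|out)  dir=$field ;;
            s=*)     host=${field#s=} ;;
            d=*)     v=${field#d=}
                     case "$v" in *.*|*/*) host=$v ;; *) port=$v ;; esac ;;
            *)       printf 'unrecognised field: %s\n' "$field"; return 1 ;;
        esac
    done
    if [ -z "$dir" ] || [ -z "$port" ] || [ -z "$host" ]; then
        printf 'incomplete rule: %s\n' "$1"; return 1
    fi
    if [ "$dir" = in ]; then
        printf 'inbound %s traffic to port %s from %s\n' "$proto" "$port" "$host"
    else
        printf 'outbound %s traffic to port %s on %s\n' "$proto" "$port" "$host"
    fi
}

# Write a constructed conf.apf-style fragment to a temp file and print its path.
apf_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
DEVEL_MODE="0"
IG_TCP_CPORTS="22,80,443,3306"
IG_UDP_CPORTS="53"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20, 21, 53"
DLIST_SPAMHAUS="1"
EOF
    printf '%s\n' "$f"
}

# Print one line per setting; return 1 if anything needs attention.
apf_report() {
    status=0
    if apf_devel_off "$1"; then
        echo "DEVEL_MODE=0: rules will stay loaded"
    else
        echo "WARNING: DEVEL_MODE is not 0, rules are flushed every five minutes"; status=1
    fi
    for key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        val=$(apf_get "$key" "$1")
        if apf_check_ports "$val"; then
            echo "$key=\"$val\": ok"
        else
            echo "$key=\"$val\": INVALID port list"; status=1
        fi
    done
    return $status
}

conf=$(apf_sample_conf)
apf_report "$conf"
apf_rule_describe "tcp:in:d=22:s=192.168.1.139"
apf_rule_describe "out:d=22:d=192.168.1.139"
rm -f "$conf"
```

Point apf_report at the real configuration file before switching DEVEL_MODE off: an entry that is neither a number nor a LOW_HIGH range, a port outside 1-65535, or a trailing comma is reported as an invalid list, and a rule line without a direction, port or host is reported as incomplete rather than silently loaded.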