APF (Advanced Policy Firewall) is a software firewall for Linux produced by R-fx Networks. It is widely used by Linux server administrators because it is easy to understand and manages iptables rules for you.
1. Download and install APF
root@linux:/home/zhangy# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
root@linux:/home/zhangy# tar -xvzf apf-current.tar.gz
root@linux:/home/zhangy# cd apf-9.7-1
root@linux:/home/zhangy/apf-9.7-1# ./install.sh
When the installation succeeds, it prints the following:
root@linux:/home/zhangy/apf-9.7-1# ./install.sh
Installing APF 9.7-1: Completed.
Installation Details:
Install Path: /etc/apf/
Config Path: /etc/apf/conf.apf
Executable Path: /usr/local/sbin/apf
Other Details:
Listening TCP ports: 22,25,111,3306,53976
Listening UDP ports: 111,917,936,5353,49640,54744
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.
2. Configure APF
vim /etc/apf/conf.apf
IG_TCP_CPORTS="21,22,80,443,3306,8080"   # TCP ports the server accepts inbound connections on
IG_UDP_CPORTS="53"                       # UDP ports the server accepts inbound traffic on
EG_TCP_CPORTS="21,25,80,443,43,2089"     # TCP ports the server is allowed to connect to outbound
EG_UDP_CPORTS="20,21,53"                 # UDP ports the server is allowed to send to outbound
Change DEVEL_MODE="1" to DEVEL_MODE="0"
Change DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1"
Change DLIST_DSHIELD="0" to DLIST_DSHIELD="1"
The following points should be noted during configuration:
1. Which ports to open depends on the server.
2. DEVEL_MODE="1" is a debug mode in which the firewall configuration is reset every five minutes, so that an incorrect configuration cannot lock the server up for good.
3. To allow only 192.168.1.139 to connect remotely to port 22:
Add the following to /etc/apf/allow_hosts.rules:
tcp:in:d=22:s=192.168.1.139
out:d=22:d=192.168.1.139
Add the following to /etc/apf/deny_hosts.rules:
tcp:in:d=22:s=0/0
out:d=22:d=0/0
At first I thought it was enough to add the rule to allow_hosts.rules; I changed to a different IP and could still connect, which left me speechless. After adding the rule above to deny_hosts.rules, the connection timed out when connecting. With the rules added to both allow_hosts.rules and deny_hosts.rules, restarting APF prints the message that the configuration was applied successfully, which I discovered by accident:
APF (12234): {Trust} Allow outbound 192.168.1.139 to port 22
APF (12234): {Trust} Allow inbound TCP 192.168.1.139 to port 22
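To see why the allow rule on its own did not restrict port 22 while the allow-plus-deny pair did, here is an added Python model (not part of the original post and not APF's own code) that evaluates an inbound connection against the page's rules. It assumes APF applies allow_hosts first, then deny_hosts, then the IG_*_CPORTS lists, then a default drop; the source addresses other than 192.168.1.139 are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Rule lines from the page, in APF's allow_hosts.rules / deny_hosts.rules syntax
# (proto:flow:d=port:s=source). Outbound "out:..." rules are not modelled here.
ALLOW_RULES = ["tcp:in:d=22:s=192.168.1.139"]
DENY_RULES = ["tcp:in:d=22:s=0/0"]
CPORTS = {"tcp": "21,22,80,443,3306,8080", "udp": "53"}  # IG_TCP_CPORTS / IG_UDP_CPORTS


@dataclass
class Rule:
    proto: str
    dport: int
    src: ipaddress.IPv4Network

    def matches(self, proto, dport, src_ip):
        return (self.proto == proto and self.dport == dport
                and ipaddress.ip_address(src_ip) in self.src)


def parse_rule(line):
    """Parse 'tcp:in:d=22:s=192.168.1.139' into a Rule; '0/0' is APF's any-host shorthand."""
    proto, flow, *fields = line.strip().split(":")
    if flow != "in":
        raise ValueError(f"only inbound rules are modelled: {line}")
    kv = dict(f.split("=", 1) for f in fields)
    src = "0.0.0.0/0" if kv["s"] == "0/0" else kv["s"]
    return Rule(proto, int(kv["d"]), ipaddress.ip_network(src, strict=False))


def decide(proto, dport, src_ip, allow=ALLOW_RULES, deny=DENY_RULES, cports=CPORTS):
    """Assumed APF order: allow_hosts, then deny_hosts, then IG_*_CPORTS, then drop."""
    for rule in map(parse_rule, allow):
        if rule.matches(proto, dport, src_ip):
            return "ACCEPT (allow_hosts.rules)"
    for rule in map(parse_rule, deny):
        if rule.matches(proto, dport, src_ip):
            return "DROP (deny_hosts.rules)"
    if dport in {int(p) for p in cports.get(proto, "").split(",") if p}:
        return f"ACCEPT (IG_{proto.upper()}_CPORTS)"
    return "DROP (default policy)"


if __name__ == "__main__":
    # First attempt from the page: allow rule only. Port 22 is in IG_TCP_CPORTS, so any host gets in.
    print("allow only, 10.0.0.5 -> 22:", decide("tcp", 22, "10.0.0.5", deny=[]))
    # With the deny rule added, only the trusted host reaches port 22; other ports are unaffected.
    print("allow+deny, 192.168.1.139 -> 22:", decide("tcp", 22, "192.168.1.139"))
    print("allow+deny, 10.0.0.5 -> 22:", decide("tcp", 22, "10.0.0.5"))
    print("allow+deny, 10.0.0.5 -> 80:", decide("tcp", 80, "10.0.0.5"))
```

The allow entry only adds trust; the restriction comes from the deny entry, which the earlier allow entry exempts the trusted host from.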
3. Common APF commands
apf -s        # Start the APF firewall
apf -r        # Restart the APF firewall
apf -f        # Stop (flush) all APF firewall rules
apf -l        # List APF's filter rules
apf -t        # Show the APF status log
apf -e        # Refresh and resolve domain names in the trust rules
apf -a HOST   # Add an IP/IP range to the whitelist (allow_hosts.rules)
apf -d HOST   # Add an IP/IP range to the blacklist (deny_hosts.rules)
apf -u HOST   # Remove an IP/IP range from the whitelist/blacklist
apf -o        # Output all configuration options
4. Common port list
21/tcp     # ftp
22/tcp     # ssh
25/tcp     # smtp
53/udp     # dns
80/tcp     # http
110/tcp    # pop3
143/tcp    # imap
443/tcp    # https
993/tcp    # imaps
995/tcp    # pop3s
3306/tcp   # mysql
5432/tcp   # postgresql