Installing APF (Advanced Policy Firewall)


Product Name : APF (Advanced Policy Firewall)
Product Version : 0.9.6 rev:5
Homepage : http://www.r-fx.ca/apf.php
Description : Advanced Policy Firewall (APF) is an iptables (netfilter) based firewall system designed around the essential needs of today's Internet-deployed servers and the unique needs of custom-deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy-to-follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the apf command, which includes detailed usage information and all the features one would expect from a current and forward-thinking firewall solution.

Step 1: Download, unpack and install APF, then remove the source after install.

cd /usr/local/src
wget http://www.r-fx.ca/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-9*
./install.sh
cd /usr/local/src
rm -Rf /usr/local/src/apf-9*


Step 2: Back up the original APF config

cp /etc/apf/conf.apf /etc/apf/conf.apf.bak


Step 3: Edit current APF Config

nano -w /etc/apf/conf.apf


Change:
* RAB="0" to RAB="1"
* RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3"
* TCR_PASS="1" to TCR_PASS="0"
* ICMP_LIM="30/s" to ICMP_LIM="10/s"
* BLK_IDENT="0" to BLK_IDENT="1"

Step 4: Find IFACE_IN= and IFACE_OUT= in /etc/apf/conf.apf and verify that they match your network interface.
Step 5: Locate HELPER_SSH_PORT="22" and change it to your SSH port IF you changed it in your sshd_config.
Step 6: Locate IG_TCP_CPORTS="22" and change it to your SSH port IF you changed it in your sshd_config.

REMEMBER: MAKE SURE YOU CHANGE YOUR SSHD PORT IN APF IF YOU CHANGED IT IN SSHD_CONFIG


Step 7: Restart APF

service apf restart


Step 8: Now log in through SSH again to verify that you can still log in to your server
Step 9: When you're happy with your firewall and everything works fine, edit /etc/apf/conf.apf, find DEVEL_MODE="1" and change it to:

DEVEL_MODE="0"

DEVEL_MODE="1" adds an iptables flush after 5 minutes in case of a bad config. Helpful? :)


Step 10: Restart APF again

service apf restart


You now have a firewall up and running! Enjoy.
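
The SSH port check from Steps 5 and 6 can be scripted and run before each restart, so a mismatch is caught before the new rules load. This is an added example, not part of the original tutorial or of APF: the function names, the script file name and the default /etc/ssh/sshd_config path are assumptions, and only the first Port line of sshd_config is checked.

```shell
#!/bin/sh
# Added example (not from APF): check before "service apf restart" that the
# port sshd listens on is the one conf.apf opens, the lockout case of Steps 5-6.

# Print the first uncommented "Port N" from an sshd_config, or 22 (sshd default).
sshd_port() {
    port=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${port:-22}"
}

# Print the value of KEY="value" in an APF config (last assignment wins).
apf_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if port $1 is in list $2 ("21,22,6000_7000"; lo_hi is APF's range form).
port_in_list() {
    old_ifs=$IFS; IFS=,; set -- "$1" $2; IFS=$old_ifs
    want=$1; shift
    for entry in "$@"; do
        case $entry in
            "$want") return 0 ;;
            *_*) [ "$want" -ge "${entry%%_*}" ] && [ "$want" -le "${entry##*_}" ] && return 0 ;;
        esac
    done
    return 1
}

# Return 0 only if both APF settings cover the sshd port; report each mismatch.
check_apf_ssh() {
    sshd_conf=${1:-/etc/ssh/sshd_config}; apf_conf=${2:-/etc/apf/conf.apf}
    ssh_port=$(sshd_port "$sshd_conf"); rc=0
    if [ "$(apf_value "$apf_conf" HELPER_SSH_PORT)" != "$ssh_port" ]; then
        echo "HELPER_SSH_PORT does not match sshd port $ssh_port" >&2; rc=1
    fi
    if ! port_in_list "$ssh_port" "$(apf_value "$apf_conf" IG_TCP_CPORTS)"; then
        echo "sshd port $ssh_port is missing from IG_TCP_CPORTS" >&2; rc=1
    fi
    if [ "$rc" -ne 0 ] && [ "$(apf_value "$apf_conf" DEVEL_MODE)" = "0" ]; then
        echo "DEVEL_MODE=0: no timed flush will undo a lockout" >&2
    fi
    return "$rc"
}

# Usage (file name is hypothetical): sh apf-ssh-check.sh check && service apf restart
if [ "${1:-}" = check ]; then shift; check_apf_ssh "$@"; exit; fi
```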


Last Updated ( Thursday, 25 December 2008 01:15 )