Knowledgebase
|
Installing Advanced Policy Firewall (APF)
Posted by admin on 17 September 2009 11:31 PM
|
|
|
Installing Advanced Policy Firewall (APF) APF (Advanced Policy Firewall) APF is a modular, policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. It is maintained by R-fx Networks. Installation ========== i). Download and extract to /usr/local/downloads/ directory. Create it by executing the command Code: mkdir -p /usr/local/downloads/ cd /usr/local/downloads/ wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz URL is http://www.rfxnetworks.com/downloads/apf-current.tar.gz ii). Extract and install it Code: cd /usr/local/downloads/ tar xvzf apf-current.tar.gz rm -f apf-current.tar.gz cd apf* ./install.sh You should see Code: Installation Details: Install path: /etc/apf/ Config path: /etc/apf/conf.apf Executable path: /usr/local/sbin/apf AntiDos install path: /etc/apf/ad/ AntiDos config path: /etc/apf/ad/conf.antidos DShield Client Parser: /etc/apf/extras/dshield/ without any errors. 2. APF Configuration =================== /etc/apf is the configuration directory of APF and conf.apf is the main configuration file. So open up conf.apf in your favorite editor. Scroll down till you see i) IG_TCP_CPORTS="22" Tip: Pico -> Ctrl+W and then keyword --> Invokes search for keyword Vi --> Esc and then /keyword --> Invokes search for keyword emacs --> Ctrl+s and then keyword --> Invokes search for keyword Change it to read a) For a webmin server: IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,3306,10000,30000_35000" b) For a Cpanel server : IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,2082,2083,2084,2086,2087,2095,2096,3306,30000_35000" Common incoming TCP ports. ii) IG_UDP_CPORTS="" Change the line to read IG_UDP_CPORTS="21,53" iii) EGF="0" to EGF="1" # This filter outgoing connections also, I recommend it though it may cause issues rarely. iv) EG_TCP_CPORTS="21,25,80,443,43" to read EG_TCP_CPORTS="21,22,25,43,53,80,110,443,3306" Common outgoing TCP ports v) USE_DS="0" to USE_DS="1" APF makes use of dshield (DS), this is a little like spam blocklists such as spews and lists the most commonly abused networks and those most often used in denial of service attacks and similar. vi) USE_AD="0" to USE_AD="1" The USE_AD="1" enables the Antidos Feature which is still in beta at the time of this writing. Readme says "Antidos is a log parsing script made for r-fx.org's APF (advanced policy firewall). It's purpose is too parse specific log formats for network attacks against a given system; then take certian actions. it is designed to be modular so it can be removed from APF and used in other environments." You can now save the conf.apf and quit the editor. If you didn't change the value of USE_AD to 1, you can skip Step 3 and jump to Step 4 3. AntiDOS Configuration ======================= i) Open up /etc/apf/ad/conf.antidos ii) Change LP_KLOG="0" to LP_KLOG="1" iii) CONAME="Your Company" Enter your company name within quotes similar to CONAME="LunarPages" iv) USR_ALERT="0" to USR_ALERT="1" Change it to 1 only if you wish to receive email alerts. v) USR="you@yourco.com" Enter your email address here similar to the entry made in (iii) i.e in quotes vi) Antidos is intended to operate via cron. This is a critical setup point as if not done, antidos will simply not operate. Execute the command Code: crontab -e */2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1 This will run antidos every two minutes. 4. Starting the firewall ==================== i) Edit /etc/apf/allow_hosts.rules and enter your IP (not a mandatory step, but will avoid being locked out of the server) ii) Start the firewall by executing the command Code: apf -s You should see, Development mode enabled!; firewall will flush every 5 minutes. Now try to access all the services, including mail, ssh, and websites. iii) If you are able to access all the services, then open up /etc/apf/conf.apf, change the DEVM="1" to read DEVM="0" and then restart the firewall by executing Code: apf -r and you are done iv) As a last step, please execute the command "chkconfig --list apf" and confirm whether you see a similar entry like apf 0: off 1: off 2: off 3: on 4: on 5: on 6: off You should see it, exactly similar to above, in case it is not like that, execute Code: chkconfig --level 345 apf on . Congratulations, you have successfully installed APF 6. Firewall Usage ============== Code: Usage /usr/local/sbin/apf [OPTION] OPTIONS are as below -s|--start ......................... load firewall policies -r|--restart ....................... flush & load firewall -f|--flush|--stop .................. flush firewall -l|--list .......................... list chain rules -st|--status ....................... firewall status -a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and immediately load new rule into firewall -d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall As an example, if you would like to deny an IP from accessing your sites, execute, apf -d 123.123.123.123 References =========== [1] http://www.rfxnetworks.com/apf/README [2] http://www.rfxnetworks.com/apf/README.antidos | |
 (593 vote(s)) Helpful Not helpful |
Comments (0)