There’s a lot of crap out there on the Internets, so a firewall is a must if you’re running a virtual or dedicated server. This is a quick guide to installing APF (Advanced Policy Firewall) on your Linux server.

First, download the latest and greatest version of APF from R-FX Networks:

http://www.rfxn.com/downloads/apf-current.tar.gz


cd /tmp
wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-0.*
./install.sh

*Notice: substitute the actual version number of the directory the tarball extracted to.

This should automatically install APF on your server. Now we have to edit the configuration file.

nano -w /etc/apf/conf.apf

Scroll down to the “Inbound (Ingress) TCP/UDP Ports” and “Outbound (Egress) TCP/UDP Ports” sections and use the configuration that matches your control panel:

----- cPanel -----
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,873"

EGF="1"
EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
EG_UDP_CPORTS="20,21,37,53,873"

----- Ensim -----
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
IG_UDP_CPORTS="53"

EGF="1"
EG_TCP_CPORTS="21,22,25,53,80,110,443"
EG_UDP_CPORTS="20,21,53"

----- Plesk -----
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
IG_UDP_CPORTS="37,53,873"

EGF="1"
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
EG_UDP_CPORTS="53,873"

Save the file and start APF.

apf -s

If everything still works, edit the config file again and turn DEVEL_MODE off. Make absolutely sure you can open a new SSH session before setting DEVEL_MODE to 0: while DEVEL_MODE is on, APF flushes its rules every few minutes via cron, so a lockout fixes itself; once it is off, a missing SSH port in the ingress list keeps you out for good.

***AGAIN, please make sure you are able to start a new SSH session. This is your last warning!!!

DEVEL_MODE="0"
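A small pre-flight check, added here and not part of APF or this guide, that you can run against /etc/apf/conf.apf before flipping DEVEL_MODE to 0: it reads IG_TCP_CPORTS and confirms the SSH port is actually listed, which is the lockout the warning above is about. It assumes APF's port-list syntax (comma-separated, with a range written as low_high) and uses a constructed sample config instead of the live file.

```shell
#!/bin/sh
# Check that conf.apf allows ingress TCP to the SSH port before
# DEVEL_MODE is turned off. Assumption: APF port lists are
# comma-separated and a range is written low_high (e.g. 30000_35000).

# Return 0 if port $2 is covered by the APF port list $1.
port_in_list() {
    port=$2
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case $item in
            *_*)  # range entry low_high
                [ "$port" -ge "${item%_*}" ] && [ "$port" -le "${item#*_}" ] && return 0 ;;
            *)    # single port
                [ "$item" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# Print the unquoted value of KEY ($2) from the conf.apf file $1
# (last definition wins, as it would in the shell).
apf_setting() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Return 0 only if conf.apf ($1) lists the SSH port ($2) in IG_TCP_CPORTS.
ssh_allowed() {
    port_in_list "$(apf_setting "$1" IG_TCP_CPORTS)" "$2"
}

# Constructed sample: the cPanel list from above, but with 22 left out
# to show the check catching the mistake that locks you out.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="20,21,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,873"
EOF
if ssh_allowed "$SAMPLE" 22; then
    echo "SSH port 22 is in IG_TCP_CPORTS; safe to set DEVEL_MODE=\"0\""
else
    echo "SSH port 22 is NOT in IG_TCP_CPORTS; keep DEVEL_MODE=\"1\" and fix the list first"
fi
rm -f "$SAMPLE"
```

Run it with the real path in place of the sample (and your real SSH port if you moved it off 22) right before editing DEVEL_MODE.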

Now, restart APF and everything should be working!!!

apf -r

If you have any issues or need a list of the available APF commands:

apf --help

Also, if you are getting an error on startup or restart similar to this:

unable to load iptables module (ip_tables), aborting. apf

try changing SET_MONOKERN="0" to "1". Although it is not recommended, this lets APF run when it cannot load the ip_tables module.