Sunday, January 30, 2011

APF Firewall

This tutorial will help you install APF (Advanced Policy Firewall, an iptables front end) on CentOS 5.3.
Let's begin…

user@localhost:~$ wget http://www.rfxn.com/downloads/apf-current.tar.gz
user@localhost:~$ tar -zxvf apf-current.tar.gz
user@localhost:~$ cd apf-*
The archive unpacks into a versioned directory (apf-<version>), hence the glob. Install it; the installer writes to /etc/apf and /usr/local/sbin, so run it as root:
user@localhost:~$ sh ./install.sh
Edit the configuration file /etc/apf/conf.apf

DEVEL_MODE="1" - leave this set to 1 until you are satisfied with the settings. 
Development mode installs a cron job that deactivates APF every 5 minutes, so you 
can set it up on a remote machine without the risk of locking yourself out: if a 
rule cuts off your SSH session, the firewall is flushed again within five minutes.

SET_MONOKERN="0" - set this to 1 on a monolithic kernel, that is, one with 
iptables compiled in rather than built as loadable modules (some VPS containers 
are like this). Otherwise APF tries to load the module and aborts before setting 
up any rules, for example: "Starting APF: Unable to load iptables module 
(ip_tables), aborting."

IFACE_IN="eth0" and IFACE_OUT="eth0" - the untrusted interfaces connected to the 
network, usually the Internet. On a single-NIC server both are eth0.

IG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,143,443,465,873,993,995,2077,
2078,2082,2083,2086,2087,2095,2096,3306,6666" - inbound TCP ports to open. Trim 
this to the services your server actually runs: every port listed here is 
reachable from the whole Internet (3306 exposes MySQL, for instance). Anything 
not listed falls through to the *_STOP policies below.

IG_UDP_CPORTS="53,6277" - inbound UDP ports to open

IG_ICMP_TYPES="3,5,11,30" - inbound ICMP types to accept (ICMP has types, not 
ports). I've removed types 0 and 8 (echo reply and echo request) so the server 
won't answer pings, which partially hides it on the network. Leave them in place 
if you or your datacenter rely on ping (e.g. for network monitoring). Keep 3 and 
11 in any case: destination-unreachable and time-exceeded messages are needed for 
path MTU discovery and traceroute to work.

EG_TCP_CPORTS="21,25,37,53,80,110,113,443,43,873,953,2089,2703" - outbound TCP 
ports to open. An earlier version of this list contained the entry "#123"; APF 
port lists are plain comma-separated numbers, so that entry is invalid (and NTP 
uses UDP 123 anyway, which belongs in EG_UDP_CPORTS if you run ntpd). Note that 
the outbound lists only take effect when egress filtering is enabled with 
EGF="1"; it is off by default. With it on, leaving out a port such as 22 means an 
attacker who breaks into this system cannot use it as a springboard to SSH into 
other servers, but neither can you, so open what you need.

EG_UDP_CPORTS="20,21,53,873,953,6277" - outbound UDP port numbers

TCP_STOP="DROP" - what to do with TCP packets that violate the rules

UDP_STOP="DROP" - what to do with UDP packets that violate the rules

ALL_STOP="DROP" - what to do with any other packets

The possible values are RESET (send a TCP reset; TCP only), DROP (discard the 
packet silently, without any answer), REJECT (refuse it with an ICMP error) and 
PROHIBIT (answer with icmp-host-prohibited, intended for UDP). DROP slows down 
port scans and gives away the least; REJECT and RESET make failed connections 
from legitimate clients fail fast instead of hanging until they time out.

BLK_PRVNET="1" - drops inbound traffic from the private (RFC 1918) IPv4 ranges 
on IFACE_IN. If your machine sits behind NAT or reaches other hosts on a private 
LAN through that interface, set this to 0.

It's worth spending some more time getting familiar with the other configuration 
options, as APF is very feature rich.
Let's start APF:
/usr/local/sbin/apf -s
Below are useful parameters for APF:

-s - start APF

-r - restart APF

-f - stop (flush) APF

-l - list the active firewall rules

-st - show the status log of APF

-a host - allow connections from "host" (recorded in /etc/apf/allow_hosts.rules)

-d host - deny connections from "host" (recorded in /etc/apf/deny_hosts.rules)
Finally, once we are sure that the firewall is working and isn't blocking ports that we need, we change DEVEL_MODE="1" in the configuration file to DEVEL_MODE="0" and restart APF (/usr/local/sbin/apf -r). Until then the cron job keeps flushing the rules every five minutes, so the firewall is not really protecting anything.
Next we make sure APF is started at boot time: run the setup command, go to System Services, tick apf and save the settings (chkconfig --level 2345 apf on does the same from the command line). After restarting the system APF should start automatically.
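The steps above (edit conf.apf, leave development mode, enable at boot) are easy to get wrong on a remote box, so here is an added example of a small helper script to do them from the shell and to check the file before enabling boot-time start. It is not part of APF or of this tutorial; the function names are my own, it assumes conf.apf's format of one KEY="value" assignment per line, and the sample file it edits is constructed here rather than a real conf.apf. Point the functions at /etc/apf/conf.apf (as root) once you have tried them on a copy.

```shell
#!/bin/sh
# Added example (not part of APF or of this tutorial): helpers for editing
# conf.apf from a script and linting it before "chkconfig apf on".
# Assumes conf.apf's own format of one KEY="value" assignment per line.

# apf_set_option FILE KEY VALUE: set KEY="VALUE", replacing an existing
# assignment or appending one if the key is absent. Writes via a temp file so
# a failed sed never leaves a truncated conf.apf behind.
apf_set_option() {
    tmp="$1.tmp.$$"
    if grep -q "^$2=" "$1"; then
        sed "s|^$2=.*|$2=\"$3\"|" "$1" > "$tmp" && mv "$tmp" "$1"
    else
        printf '%s="%s"\n' "$2" "$3" >> "$1"
    fi
}

# apf_get_option FILE KEY: print the value of KEY without its quotes.
apf_get_option() {
    grep "^$2=" "$1" | head -n 1 | cut -d= -f2- | tr -d '"'
}

# apf_check_ports LIST: validate a comma-separated port list. Every entry must
# be a plain integer 1..65535; anything else (such as a stray "#123") is
# reported on stderr and makes the function return 1. APF's low_high range
# syntax is deliberately not accepted here; extend the case if you use it.
apf_check_ports() {
    port_rc=0
    old_ifs=$IFS
    IFS=,
    for p in $1; do
        case $p in
            ''|*[!0-9]*) echo "invalid port entry: '$p'" >&2; port_rc=1 ;;
            *) if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
                   echo "port out of range: $p" >&2; port_rc=1
               fi ;;
        esac
    done
    IFS=$old_ifs
    return $port_rc
}

# apf_lint FILE: return 0 only when the conf is safe to leave running
# unattended: DEVEL_MODE must be 0 (otherwise cron flushes the rules every
# 5 minutes) and every port list present must parse.
apf_lint() {
    lint_rc=0
    if [ "$(apf_get_option "$1" DEVEL_MODE)" != "0" ]; then
        echo "DEVEL_MODE is not 0: the firewall would be flushed every 5 minutes" >&2
        lint_rc=1
    fi
    for k in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        if grep -q "^$k=" "$1"; then
            apf_check_ports "$(apf_get_option "$1" "$k")" || { echo "bad list in $k" >&2; lint_rc=1; }
        fi
    done
    return $lint_rc
}

# Constructed sample with values from this tutorial (not a real conf.apf),
# including the invalid "#123" entry and development mode still on.
demo=$(mktemp)
cat > "$demo" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="22,25,80,443"
IG_UDP_CPORTS="53"
EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43,873,953,2089,2703"
EG_UDP_CPORTS="20,21,53,873,953,6277"
EOF
apf_lint "$demo" || echo "not ready: fix the items above before enabling APF at boot"
# Drop the bogus "#123" entry (NTP is UDP 123 anyway) and leave development mode.
apf_set_option "$demo" EG_TCP_CPORTS "21,25,37,53,80,110,113,443,43,873,953,2089,2703"
apf_set_option "$demo" EG_UDP_CPORTS "20,21,53,123,873,953,6277"
apf_set_option "$demo" DEVEL_MODE 0
apf_lint "$demo" && echo "conf.apf passes; safe to enable at boot"
rm -f "$demo"
```

Run the lint right before chkconfig, not after: a conf that still has DEVEL_MODE="1" will happily start at boot and then be flushed by cron five minutes later, which looks like a working firewall in apf -st while protecting nothing.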
Credits to www.howtoforge.com
