How to install APF (Advanced Policy Firewall) Published: Jan 20, 2004
  • Rating

    4/5

This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.

What is APF (Advanced Policy Firewall)? APF Firewall
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.10

Limit SSH connections to one IP with APF in this advanced tutorial

Requirements:

- Root SSH access to your server

Lets begin!
Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz


3. tar -xvzf apf-current.tar.gz

4. cd apf-0.9.5-1/ or whatever the latest version is.

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

Installing APF 0.9.5-1: Completed.

Installation Details:
  Install path:         /etc/apf/
  Config path:          /etc/apf/conf.apf
  Executable path:      /usr/local/sbin/apf
  AntiDos install path: /etc/apf/ad/
  AntiDos config path:  /etc/apf/ad/conf.antidos
  DShield Client Parser:  /etc/apf/extras/dshield/

Other Details:
  Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
  Listening UDP ports: 53,55880
  Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

6. Lets configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn't a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.

We like to use DShield.org's "block" list of top networks that have exhibited
suspicious activity.
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083, 2086,2087, 2095, 2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"


Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"



Ensim Servers
We have found the following can be used on Ensim Servers - although we have not tried these ourselves as I don't run Ensim boxes.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"


Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"


Save the changes: Ctrl+X then Y


8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
                                     immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
                                     immediately load new rule into firewall


9. After everything is fine, change the DEV option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to "0" after you've had a chance to ensure everything is working well and tested the server out.

pico /etc/apf/conf.apf

FIND: DEVM="1"
CHANGE TO: DEVM="0"

10. Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!

pico /etc/apf/ad/conf.antidos

There are various things you might want to fiddle with but I'll get the ones that will alert you by email.

# [E-Mail Alerts]
Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME="Your Company"

Enter your company information name or server name..

# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="0"

Change this to 1 to get email alerts

 # User for alerts to be mailed to
USR="your@email.com"

Enter your email address to receive the alerts

Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r

11. Checking the APF Log

Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log

Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123


12. New - Make APF Start automatically at boot time
To autostart apf on reboot, run this:

chkconfig --level 2345 apf on

To remove it from autostart, run this:

chkconfig --del apf


13. Denying IPs with APF Firewall (Blocking) 

Now that you have your shiny new firewall you probably want to block a host right, of course you do! With this new version APF now supports comments as well. There are a few ways you can block an IP, I'll show you 2 of the easier methods.

A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being blocked
These rules are loaded right away into the firewall, so they're instantly active.
Example:

./apf -d 185.14.157.123 TESTING

pico /etc/apf/deny_hosts.rules

Shows the following:

# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123

B) pico /etc/apf/deny_hosts.rules

You can then just add a new line and enter the IP you wish to block. Before this becomes active though you'll need to reload the APF ruleset.

/etc/apf/apf -r

14. Allowing IPs with APF Firewall (Unblocking)

I know I know, you added an IP now you need it removed right away! You need to manually remove IPs that are blocked from deny_hosts.rules.
A) 
pico /etc/apf/deny_hosts.rules

Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.

/etc/apf/apf -r

B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules

 /etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being removed These rules are loaded right away into the firewall, so they're instantly active.
Example:

./apf -a 185.14.157.123 UNBLOCKING

pico /etc/apf/allow_hosts.rules

# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123


Thanks to R-fx networks for developing and maintaining APF Firewall. Written by Steven Leggett of WebHostGear.com Need help with APF? Visit the WebHostGear Forums

  • Rating

    4/5

Related Articles

Comments (83)

  • Gravatar - Edward
    Edward 22:57, January 25, 2004
    This worked great, but if your kernel is compiled with iptables statically instead of as a module you need to do this in the conf.apf
    MONOKERN="0"
    Set it to "1" and then try start APF again.
  • Gravatar - chris
    chris 21:08, February 3, 2004
    the firewall should be set to 0 not 1 to be running allt eh time setting to 1 = turns off after 5 minutes ..i would fix it or you will have newbies with firewalls off everywhere
  • Gravatar - jdwh
    jdwh 17:12, February 11, 2004
    Does this work for Burst.net servers? In the past there was a thread in their forums saying it was incompatible. Maybe this was fixed?
  • Gravatar - ryan
    ryan 19:40, February 11, 2004
    great howto document and covers the current release whereas most people cover the RPM release; great job.
  • Gravatar - Steve
    Steve 04:54, February 12, 2004
    jdwh - yes it works with any Linux servers, if you have any questions about firewall ports on the network then contact your provider.
  • Gravatar - Tom
    Tom 13:26, March 22, 2004
    Don't you need to type the following so APF starts after a reboot?

    chkconfig --level 2345 apf on
  • Gravatar - ryan
    ryan 12:02, April 9, 2004
    No; chkconfig is run during installation by APF's install.sh script.
  • Gravatar - greg
    greg 23:07, April 22, 2004
    anyone know how to stop if from logging to the terminal (tty1?)
  • Gravatar - autoquartz
    autoquartz 08:17, April 24, 2004
    How about Plesk 7 Server?
  • Gravatar - BAMF
    BAMF 22:26, April 26, 2004
    Make sure to add port #3306 to IG_TCP_CPORTS if you want to remotely administer your database.
  • Gravatar - Scott
    Scott 00:17, May 11, 2004
    Im kinda a newbie at this I use 4 diff Ipadresses on my machine could someone tell me how to add in so all the ip's use the same rights. Last firewall I tried blocked all my other Ip's on all ports thanx
  • Gravatar - chris
    chris 03:52, May 14, 2004
    How do you block an Ip in APF?
  • Gravatar - Steve
    Steve 17:03, May 27, 2004
    To block and IP in APF go to /etc/apf and pico deny_hosts.conf. Scroll down and add the IP addresses you need to block, each on a separate line. Comments with more details are in the file.
  • Gravatar - Anton
    Anton 10:48, June 1, 2004
    Guys, what about ports for passive ftp?
  • Gravatar - Colin Myerscough
    Colin Myerscough 16:13, June 2, 2004
    I can not use this firewall because feeds.dshield.org does not exist and I can not get the block.txt from there. Who can help me
  • Gravatar - Tim Rice
    Tim Rice 19:55, June 7, 2004
    APF is great, except I sometimes have a hard time taking out a chain. For an example, I have the following loaded in the chain:
    32 DROP all -- 83.0.0.0/8 anywhere

    I have tried to remove this, but can't for some strange reason. Is there a file that I can edit?
  • Gravatar - Khurrum Maqbool
    Khurrum Maqbool 03:04, June 10, 2004
    I had to open port 2089 because it was having problems with the license. Apparently cpanel needs the license sync port 2089 not only for incoming but also for outgoing traffic open
  • Gravatar - Janos
    Janos 21:15, June 17, 2004
    I get an error message when I want to start APF: /usr/local/sbin/apf: line 1: ifconfig: command not found . What's wrong here?
  • Gravatar - For Janos from WHG
    For Janos from WHG 20:05, June 18, 2004
    Run: cat /etc/apf/VERSION<br />
    You should see version: 0.9.3-rev3<br />
    <br />
    Then before you run any APF commands make sure you're logged in as the root environment: su - <br />
    <br />
    Make sure you use the "-" otherwise you won't be in the environment, this is why you're getting the error message I'm fairly sure.
  • Gravatar - DJALPHA
    DJALPHA 20:01, June 20, 2004
    Which is correct? 3000_3500 or 30000_35000 ? <br />
    Please check how to thx.
  • Gravatar - reanncw
    reanncw 17:39, June 21, 2004
    i get this,<br />
    <br />
    /etc/apf/vnet/vnetgen: ip: command not found<br />
    lsmod: QM_MODULES: Function not implemented<br />
    <br />
    iptables v1.2.6a: unknown protocol `ipv6-crypt' specified<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables: No chain/target/match by that name<br />
    iptables: No chain/target/match by that name<br />
    iptables: No chain/target/match by that name<br />
  • Gravatar - Khurrum Maqbool
    Khurrum Maqbool 03:13, July 16, 2004
    Also port 873 ingress is needed for Rsync... this is needed for /scripts/easyapache
  • Gravatar - Gareth
    Gareth 13:17, August 2, 2004
    Is APF compatible with FreeBSD?
  • Gravatar - Andy
    Andy 15:57, August 11, 2004
    error as follows<br />
    <br />
    iptables v1.2.9 invalild TCP / Port Service '=21' specified<br />
    <br />
    Try `iptables -h' or 'iptables --help' for more information<br />
    <br />
  • Gravatar - Bob
    Bob 16:56, August 30, 2004
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?
  • Gravatar - Sun Joo
    Sun Joo 13:46, October 20, 2004
    After APF started, the sites are not accessed from the browser. The moment I stop APF, then sites are loaded. What am I missing ? Any clue ? Thanks.
  • Gravatar - JLchafardet
    JLchafardet 18:51, November 2, 2004
    does this tutorial have ever been tested on RHEL ES3 Plesk Reloaded based servers?
  • Gravatar - Caz
    Caz 03:41, December 18, 2004
    I get "unknown host" when doing apf -r. Anyone know why?
  • Gravatar - Mtrafox
    Mtrafox 19:28, January 21, 2005
    Hy.<br />
    After I installed APF, I have some problems.<br />
    When I get the mail from BDF, that someone atack my one of virtual IP, and I ceck with ifconfig, my virtual interface is down. Some time all of my virtual interface are down. Anyone know how to fix this ?
  • Gravatar - Randall_James
    Randall_James 13:05, January 29, 2005
    chris <br />
    How do you block an Ip in APF? <br />
    <br />
    apf -d 12.345.67.89 <br />
    ----------------------<br />
    Bob and Caz<br />
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?<br />
    <br />
    Check the deny_host.rules, there is probably a bad entry in the bottom half of file<br />
    ________________________<br />
    INSTALL NOTE:<br />
    During the final phase of install you will recieve some output to screen, this will list the current listening ports! Generally these are going to be need added to the allowed ports in the conf.apf file. Also monitored services need open ports (eg, ThePlanet) check with your datacenter for a list of these ports.<br />
    <br />
  • Gravatar - Jafar
    Jafar 08:13, February 8, 2005
    hello ,,<br />
    I have got a question ..I want your help for me please in this problem ..<br />
    <br />
    Sometime : Network error(tcp_error) A communication error occurred: "Operation timed out"<br />
    Sometime : operatio timed out<br />
    Sometime : The page cannot be displayed<br />
    Sometime : Problem Report<br />
    <br />
    Some of the tracts is not able to the entry this talk is visible to them by higher<br />
    An example ( UAE emirates . Syria . Egypt ..<br />
    <br />
    this problem From , "Fairwell APF"<br />
    <br />
    Stop the program of the protection "APF" they are able to the entry (/usr/local/sbin/apf -f"<br />
    Start,run the program of the protection "APF" They are not able to the entry (/usr/local/sbin/apf -s)<br />
    <br />
    <br />
    what's I want do on a this <br />
    By start this the problems From about 25 days .<br />
    <br />
    thanks . I hope your help
  • Gravatar - apfwannabe
    apfwannabe 01:38, April 22, 2005
    how much memory and cpu usage does APF consumes?<br />
    <br />
    i have a vps with 199mb running whm/cpanel and has average load of 75% mem and 1 cpu load.<br />
    <br />
    will apf makes the server unstable considering my current vps resources<br />
    above?<br />
  • Gravatar - Henry
    Henry 03:59, April 23, 2005
    Hello,<br />
    <br />
    I got this error during installation, please help,<br />
    <br />
    Other Details:<br />
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory<br />
    Imported options from 0.9.4-6 to 0.9.5-1.<br />
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig<br />
    root@host [~/downloads/apf-0.9.5-1]# ./install.sh<br />
    Installing APF 0.9.5-1: Completed.
  • Gravatar - need-help
    need-help 12:01, May 2, 2005
    unknow host
  • Gravatar - Matt
    Matt 19:35, June 10, 2005
    I installed this successfully but then it locked me out! It blocked all IP's and I wasn't even able to get in via SSH - what do I have to mod for this to work? I had to have my datacenter disable firewall so I could have remote access again...
  • Gravatar - Tedd
    Tedd 11:44, July 25, 2005
    I cant seem to configure this properly so that I can take it out of test mode. When running I cannot access my website.<br />
    <br />
    I using WMH with cPanel. I got it installed okay. But no matter how I configure the options, Im denied from the website.<br />
    <br />
    Any ideas?
  • Gravatar - Tapan
    Tapan 20:02, July 25, 2005
    Hi,<br />
    <br />
    When i did all i got this and its not working:<br />
    <br />
    /usr/local/sbin/apf -s<br />
    eth0: error fetching interface information: Device not found<br />
    eth0: error fetching interface information: Device not found<br />
    eth0: error fetching interface information: Device not found<br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    /etc/apf/firewall: line 1: /sbin/lsmod: No such file or directory<br />
    Unable to load iptables module (ip_tables), aborting.<br />
    <br />
    Thanks.
  • Gravatar - Ankush
    Ankush 20:35, August 16, 2005
    Please update the article to match the latest version settings of apf. The new apf has lot of new features.
  • Gravatar - Liam Glanfield
    Liam Glanfield 20:21, August 17, 2005
    This was very detailed and spot on but I think I may have done somthing wrong. I have cpanel so used there port numbers given above. When i get to the part apf -s it works ok but I get "wget comand not found, try usinf wget --help for more info..." yet if I do apf -st it says it is working?! is this normal ??
  • Gravatar - Starfinder
    Starfinder 13:01, September 6, 2005
    Matt, Are you running SSH on a port other than 22? If so, you must also allow connections to this port.
  • Gravatar - nowayout
    nowayout 11:11, December 3, 2005
    root@server1 [~/downloads]# /usr/local/sbin/apf -s<br />
    iptables v1.2.11: host/network `216-211-192-63.noviant.com' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `216-211-192-63.noviant.com' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `adsl_corporativo16760-74.etb.net.co' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `adsl_corporativo16760-74.etb.net.co' not found<br />
    Try `iptables -h' or 'iptables --help' for more information<br />
    <br />
    How I could fix that ?
  • Gravatar - Buddah
    Buddah 07:14, December 11, 2005
    Hmm, now my webpages won't load, ftp/plesk/ssh all work fine but websites won't load :-?
  • Gravatar - Fernando
    Fernando 06:43, January 24, 2006
    APF is dieing right after I call it. I don't know why. In logs I can only see:<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} loading postroute.rules<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (egress) output accept<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (ingress) input drop<br />
    Jan 24 00:42:13 nocserver apf(28488): firewall initalized<br />
    <br />
    Do you know why?
  • Gravatar - NOTSUPPORT
    NOTSUPPORT 23:23, January 30, 2006
    THIS IS NOT TECHNICAL SUPPORT. GO SEEK SUPPORT ELSEWHERE.
  • Gravatar - Cleber
    Cleber 06:53, February 12, 2006
    How to install APF in 2 or more interfaces?<br />
    <br />
    ex: eth0, eth0.1 and others
  • Gravatar - Rainer
    Rainer 22:50, February 14, 2006
    Howto config NAT (iptable) with APF?
  • Gravatar - Morons
    Morons 23:23, March 6, 2006
    this isn't a support page, go elsewhere! This is just about one of the easiest monitoring software out there.
  • Gravatar - Luis
    Luis 03:12, March 15, 2006
    If you have Cpanel be sure to also open port 26 if you have a copy of exim on that port for the clients that have isp's that block 25
  • Gravatar - enes
    enes 23:06, April 4, 2006
    when using smbmount command with APF, smbmount does not working and gives "/bin/ls: .: Stale NFS file handle" error. <br />
    <br />
    to solve this problem, use this;<br />
    <br />
    ./apf -a OTHER_SERVER_IP<br />
    ./apf -r
  • Gravatar - Fred
    Fred 07:22, May 3, 2006
    I see cpanel is spoken about as it relates to this error but I am using monsterconls would it make a different.<br />
    <br />
    lsmod: QM_MODULES: Function not implemented Unable to load iptables module (ip_tables), aborting.<br />
    <br />
    I am have DDOS and install apf but can't get to load.<br />
    <br />
    Any help would be welcomed -THANKSl
  • Gravatar - Steve
    Steve 16:51, June 5, 2006
    I get installed the apf on server but cannot control the DDOS attack.<br />
    Please let us know what to do.<br />
    I have configured everything.<br />
    The attack is now going on.
  • Gravatar - Calvin
    Calvin 18:41, June 14, 2006
    How to remove this firewall after installation ?<br />
    <br />
    Regards,<br />
    Calvin
  • Gravatar - Calvin Phan
    Calvin Phan 19:11, June 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Gravatar - Steve
    Steve 23:37, June 19, 2006
    rm -fv /etc/cron.daily/fw<br />
    chkconfig --del apf<br />
    rm -frv /etc/apf<br />
  • Gravatar - Muhammad Sajjad
    Muhammad Sajjad 15:28, June 23, 2006
    i need ur help about configuring firewall on routers. please provide me some notes or tutorials.
  • Gravatar - FD
    FD 19:56, July 8, 2006
    APF simply does not work correctly with 2.6 kernels due to module name changes and incompatibilities. You get the "Unable to load iptables module (ipt_state), aborting" message<br />
    <br />
    Setting "MONOKERN" to 1 is not a solution as it causes problems with passive FTP (amongst others) and (as mentioned in the script) is NOT supported.<br />
    <br />
    I have searched everywhere for a fix, but nothing is suitable. I have uninstalled APF and will wait for a release that addresses this issue.
  • Gravatar - M0Dy
    M0Dy 19:38, July 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Gravatar - Nemesiz
    Nemesiz 22:31, July 16, 2006
    remove /etc/apf dir. APF - its only a script to make firewall rukes, not firewall.
  • Gravatar - Fidoxd
    Fidoxd 12:12, August 5, 2006
    Is normal this log?<br />
    <br />
    ago 05 11:55:01 server2 apf(31989): flushing & zeroing chain policies<br />
    ago 05 11:55:01 server2 apf(31989): firewall offline<br />
    ago 05 12:00:03 server2 apf(32043): flushing & zeroing chain policies<br />
    ago 05 12:00:03 server2 apf(32043): firewall offline<br />
  • Gravatar - David Yasmineh
    David Yasmineh 18:53, August 10, 2006
    heres the issue....APF / BFD are really nice if you have a fixed IP that you use to access your server from. <br />
    <br />
    The thing is i get a million unauthorized login attempts a month. I read about this script called PYTHON SCRIPT which would automatically block the attacking ip address for a period of time if it failed to authorize more than 3 times for example.<br />
    <br />
    Now APF / BFD do the same?????<br />
    <br />
    Please let me know, email me<br />
    <br />
    david_yasmineh@yahoo.com<br />
    <br />
    kind of urgent for me pls.<br />
    <br />
    thnks
  • Gravatar - Daniel
    Daniel 15:33, September 2, 2006
    Hi,<br />
    <br />
    I cant start my firewall..<br />
    <br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    Unable to load iptables module (ipt_state), aborting.<br />
    <br />
    Please help..
  • Gravatar - el
    el 14:55, September 19, 2006
    i tried to install on debian ...<br />
    cp: cannot create regular file `/etc/rc.d/init.d/apf': No such file or directory<br />
    <br />
    debian doesn't have an /etc/rc.d/init.d directory. I assume that I should just edit the install script to point to /etc/init.d ?
  • Gravatar - Joe
    Joe 13:52, November 19, 2006
    APF & BFD both installed successfully and apparently working correctly except for two issues.<br />
    <br />
    1/ No email alerts are being received (I have configured as per instructions)<br />
    <br />
    2/ For AntiDOS for APF the file /var/log/apfados_log is missing.<br />
    <br />
    Finally, how do I set the time during which a brute attack is allowed before being stopped. For instance, my server was under attack for 10 minutes during which time a huge number of attempts were made before being stopped. How do I reduce this time or preferably set a number of instances (5 perhaps) before an attack is stopped.<br />
    <br />
    Thanks<br />
    <br />
    Joe
  • Gravatar - Alan
    Alan 00:31, November 23, 2006
    Antidos is intended to operate via cron. This is a critical setup point as if<br />
    not done, antidos will simply not operate.<br />
    <br />
    The following string can be placed into /etc/crontab or similar file:<br />
    */2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1<br />
    <br />
    This will run antidos every two minutes. I dont recommend running it once a<br />
    minute as it may cause a bottleneck for itself and the CPU. Likewise running it<br />
    beyound a period of once every 5 minutes is not recommended either, for obviouse<br />
    reasons.<br />
  • Gravatar - Jeff
    Jeff 18:26, December 12, 2006
    Port 37 also needs to be open on Cpanel servers. The rdate function uses 37 to connect to the time servers
  • Gravatar - Steve
    Steve 00:31, February 12, 2007
    APF Plesk Ports<br />
    <br />
    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"<br />
    IG_UDP_CPORTS="37,53,873"<br />
    <br />
    EGF="1"<br />
    EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"<br />
    EG_UDP_CPORTS="53,873"
  • Gravatar - Raptor
    Raptor 03:22, February 16, 2007
    Great How to! Worked 1st time.
  • Gravatar - Steve
    Steve 23:23, April 28, 2007
    I cant start my firewall..<br />
    <br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    Unable to load iptables module (ipt_state), aborting.<br />
    <br />
    any ideas ?
  • Gravatar - Beth
    Beth 13:31, May 1, 2007
    Has anyone gotten this to work to deny traffic from hosts that are perpetrating dictionary attacks against an FTP server? For example, several times a week, we have people running a database of usernames against our ftp servers. Sometimes, so much that my logs are 15-50 MB larger from logging the attempts. It would be great if we could stop a user at 5 attempts or so. The FTP server itself stops the user after 3 failed logins, but they go on with more from the list, so it could end up being thousands of names.<br />
    <br />
    Thanks!<br />
    Beth
  • Gravatar - binoy
    binoy 03:16, June 11, 2007
    How can I unblock an ip through apf.<br />
    <br />
    email me at binoy1983@yahoo.com
  • Gravatar - Senthil
    Senthil 04:43, July 18, 2007
    Are there any ways in adding apf in whm panel (doing all the operations in the whm panel)?.
  • Gravatar - Rich
    Rich 02:16, November 16, 2007
    Is this guide still current? I only ask because it was 3 years ago that this article was originally published. Have any instructions changed?
  • Gravatar - Shaun
    Shaun 10:52, December 12, 2007
    Works fine as of December 2007
  • Gravatar - vinyas
    vinyas 16:18, January 19, 2008
    Works super as of January 2008
  • Gravatar - Valeriu Palos
    Valeriu Palos 13:34, February 12, 2008
    This tool also runs beautifully on Ubuntu based machines (maybe even Debian) using this patch:<br />
    <br />
    http://codeblog.palos.ro/2007/09/08/apf-firewall-on-ubuntu-704/
  • Gravatar - pankaj dhingra
    pankaj dhingra 06:53, March 7, 2008
    cannot stat `/etc/apf.bk.last/vnet/*.rules': <br />
    <br />
    facing this problem while installing apf
  • Gravatar - devil2005
    devil2005 13:28, April 13, 2008
    i issue the command apf -d 192.168.1.64 . and also another ipddress for a webproxy to see if apf blocks it . but it doesnt . i have doen apf -r . and the webpage is still displayed to the blocked hosts . whats wrong
  • Gravatar - Milos
    Milos 23:20, June 8, 2008
    Starting with version 0.9.6-3 APF completely replaced Antidos with RAB (Reactive Address Blocking). So there is no more additional AntiDos cron job, everything is managed by APF and the RAB options are in conf.apf as expected.<br />
    <br />
    It would be nice that you update this tutorila. :)
  • Gravatar - Albert
    Albert 15:28, January 5, 2009
    i have some probs.. :<br />
    <br />
    root@viper [/apf-9.6-5]# ./install.sh<br />
    Installing APF 9.6-5: eth0: error fetching interface information: Device not found<br />
    Completed.<br />
    <br />
    Installation Details:<br />
    Install path: /etc/apf/<br />
    Config path: /etc/apf/conf.apf<br />
    Executable path: /usr/local/sbin/apf<br />
    <br />
    Other Details:<br />
    eth0: error fetching interface information: Device not found<br />
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory<br />
    Imported options from 9.6-5 to 9.6-5.<br />
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig<br />
    <br />
    i'm using : <br />
    <br />
    cPanel 11.24.4-R32603 - WHM 11.24.2 - X 3.9<br />
    CENTOS 5.2 i686 on virtuozzo<br />
    Ethernet Device : venet0:0
  • Gravatar - petrepaul
    petrepaul 17:39, May 7, 2009
    when i do nano /etc/apf/ad/conf.antidos <br />
    <br />
    or pico /etc/apf/ad/conf.antidos<br />
    <br />
    creates a new file? everything else installed and works fine, any suggestions?<br />
    <br />
    really need to update this information with current version apf-9.7-1 <br />
  • Gravatar - bazzii
    bazzii 16:00, June 22, 2009
    I had a problem..<br />
    <br />
    In my site RSS feeds are there.. When I stop APF it works just fine.. But when start it, the RSS feed doesn't work. I had tried to flush it,<br />
    <br />
    # service iptables stop<br />
    # iptables -F<br />
    # service iptables save<br />
    # service iptables start<br />
    <br />
    But the rules are still comin in ?... Hoe do I flush this rules ?<br />
    <br />
    Any help appreciated !!
  • Gravatar - David Yasmineh
    David Yasmineh 05:57, June 8, 2010
    waw...2006...almost 5 years later..lol and i come accross this site again...

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2014 WebHostGear.com