How to install APF (Advanced Policy Firewall) Published: Jan 20, 2004
  • Rating


AexiManagement is a UK based firm offering advanced outsourced server management solutions. We had a chance to interview Robert Greenwood, CEO of AexiManagement.

 AexiManagement is a UK based firm offering advanced outsourced server management solutions. We had a chance to interview Robert Greenwood, CEO of AexiManagement.


WHG: Hi Rob, thank you for taking the time to be interviewed with
What is your name and title?

Ok, First off all.. I would like to thank you for giving me the opportunity to talk with you on WebHostGear, I visit this site often and am ecstatic at the opportunity of having my company interviewed. My name is Robert Greenwood and I am joint owner and chief technical officer of

WHG: What is your company's location and contact information?
Although we do maintain offices and "dwellings" around Europe and the US, our main headquarters where the day to day running of AexiManagement is performed are within Manchester, UK. Or to be a little more precise, Stockport. Our main contact information is tel: 00447932726131 (Toll free number will be available soon) and email: You can also contact me directly at:

WHG: When did your company officially launch?
AexiManagement officially launched its web presence in the early months of 2004, But before that we were providing numerous clients with local server management solutions. It was in fact the idea of one of our clients to start selling our products to the rest of the world, and since then we have never looked back really. We are proud to support 15+ major hosting and dedicated server providers as well as numerous small to medium sized firms. Unfortunately for privacy reasons we cannot give out any information regarding those clients, as we pride ourselves on being as transparent as possible when it comes to providing solutions towards their clients.

WHG: Tell us about your company and services
AexiManagement is a UK based firm offering advanced outsourced server management solutions. Over the past few years we have observed the outsourcing market become saturated with Indian and American providers some of which either struggle to understand the English language or just lack the basic fundamentals to provide high quality technical support services. That is where we believe our company differentiates from most other providers today, We make sure that all our technicians and server administrators speak excellent English and are fully certified in the role they will be required to work in. As well as providing true 24/7 technical support services and a wide range of tailor made solutions ranging from kernel recompiles to helpdesk support.

WHG :What operating systems and control panels do you support?
We are proud to offer support and administration services on all operating systems and control panels, we are even beginning to provide numerous newly developed control panels with ideas and source codes to be included into their distribution. Obviously some of our technicians including myself and my partner will know certain control panels are operating systems better than others, we like to call these our "niche" support groups. The "niche" operating systems include Redhat, Debian, FreeBSD and other forms of Linux as well as Windows 2000+. Secondly our "niche" control panels include cPanel, Plesk, Ensim, H-Sphere, DirectAdmin and WebMin. As I mentioned though those are not the only control panels and operating systems we support.
WHG:  How many people work at Aeximanagement, do you provide emergency support?
As I mentioned before we have numerous locations over Europe and the U.S. But based in our Manchester office is about 7 people. This includes my partner and myself as well as 5 technicians who between them will manage the helpdesk and make use of our advanced server monitoring system. Over the past few weeks we have also taken on about 5 apprentices and we are now holding regular web based training classes for them. Yes, We are very proud to offer 24/7 technical support via our helpdesk for existing clients, and emergency support is provided at $25 per hour which is more than half price when compared to other providers.

WHG: What is your day to day role like at your company?
This usually varies dependant on the work load and availability of helpdesk staff. But I would say a usual day would star around 8:30pm where my partner and myself would meet up and discuss any news related to Aexi or its services. From there I would usually take a quick look at the helpdesk and make sure all tickets are responded to within the time specified in our SLA, if not I would make sure I resolve those tickets myself.
The next item on the agenda would be security audits. We usually need to perform about 5 of these a day on new and existing clients machines and so this can take up quite a hefty chunk of the day. At the moment only the two partners Andrew and Myself take care of these as we prefer our technicians to stay focused on the helpdesk and server monitoring. So I would say that all together a good 3 or 4 hours is spent performing this audits and making sure everything works correctly.
The rest of the day is usually spent speaking with current clients or people who are interested in becoming clients. This is usually done over the phone as we like to get to know all of our clients well so we can provide a more custom service. The agenda of these phone calls can usually range from answering sales questions to attending to feedback from our current clients.
That pretty much concludes a normal day in the office, Out of the office I do spend a lot of time posting on and am called into the office again on the odd occasion to either speak with a client or deal with a downed server.

WHG: How do you differentiate your company and products in a highly competitive industry?
We here at AexiManagement try to compete in a highly saturated marketing by providing all ours clients with services which we believe are not available elsewhere. Since the opening of AexiManagement to the public we have constantly been updating our products to insure quicker response times and more detailed information regarding any issues that arise.
With AexiManagement you are guaranteed 24/7 technical support from our fully certified helpdesk technicians and server administrators. When brought together by competitive pricing we are able to offer up-to-date pricing schemes that will fit any users budget

WHG: Why would I choose you? How experienced is your staff?
At AexiManagement we aim to offer an extremely high quality of service coupled with both 24/7 technical support and competitive pricing. Enabling us to compete highly with numerous other outsourced support providers. We are proud to offer completely transparent services and up-to-date help and faq material for your companies website. So you know that when you buy a service through aeximanagement, your not just buying access to fully certified technicians you also gaining numerous new avenues of support for your clients or servers.

WHG: Do you have any kind of certifications or notable experience?
Every member of AexiManagement will have some kind of certification based on the areas they work in. For example, all our systems administrators who perform the day-to-day managing of our clients services are both RHCE and MCSE certified and will endeavour to attend at least 1 training course a year. Another example would be our helpdesk technicians, They are both certified in level 1 systems administration and attend yearly customer service seminars.

WHG: What areas in your business would you like to improve?
As we have only recently opened our doors to accept public clients we obviously have had numerous feedbacks from our clients related to the service we offer and how we could endeavour to improve it. One of the most popularly requested features is a 800 toll free number for existing clients to make use of. We are currently researching this and plan to start using a service like this within the near future. One important improvement that will need making over the next few months, is to purchase a custom made billing system. As we continue to grow we have begun to realise that a out-of-the-box system really does not provide all the features we are looking to make use off, so I would imagine this will be a improvement made over the next few months. Our final improvement would definitely be the office, we are currently renting a few floors from an office based in Manchester, but as our client base continues to grow so does our need to expand. 
WHG: Where do you see yourself in 5 years?
Firstly, I would like to have seen all the improvements listed above to have taken place enabling us to provide a higher quality service towards our client base. From then, who knows?. I would like to believe that we would still be providing the quality service that we do know but to a wider percentage of the available market. I would also hope that we would have released numerous new features and plans to the public as well as to the private sectors of business.
I would like to hope that my partner and myself would be able to take a back seat within the company. Obviously continue to watch over the goings on within the business and interact with clients but also enable us to focus our available team on improving the service we offer.

WHG: Do you have any final comments?
Well, again I would like to thank you for giving us this opportunity and wish this site and yourself the very best. You have a lovely little community here and I'm sure the popularity will continue to grow as it has done over the past few months. Finally, I understand the frustration customers go through when trying to find a reliable outsourced support company and so I hope this interview and the many others find within this site help them get a grasp on the concept of "Outsourced Support"

  • Rating


Related Articles

Comments (83)

  • Gravatar - Edward
    Edward 22:57, January 25, 2004
    This worked great, but if your kernel is compiled with iptables statically instead of as a module you need to do this in the conf.apf
    Set it to "1" and then try start APF again.
  • Gravatar - chris
    chris 21:08, February 3, 2004
    the firewall should be set to 0 not 1 to be running allt eh time setting to 1 = turns off after 5 minutes ..i would fix it or you will have newbies with firewalls off everywhere
  • Gravatar - jdwh
    jdwh 17:12, February 11, 2004
    Does this work for servers? In the past there was a thread in their forums saying it was incompatible. Maybe this was fixed?
  • Gravatar - ryan
    ryan 19:40, February 11, 2004
    great howto document and covers the current release whereas most people cover the RPM release; great job.
  • Gravatar - Steve
    Steve 04:54, February 12, 2004
    jdwh - yes it works with any Linux servers, if you have any questions about firewall ports on the network then contact your provider.
  • Gravatar - Tom
    Tom 13:26, March 22, 2004
    Don't you need to type the following so APF starts after a reboot?

    chkconfig --level 2345 apf on
  • Gravatar - ryan
    ryan 12:02, April 9, 2004
    No; chkconfig is run during installation by APF's script.
  • Gravatar - greg
    greg 23:07, April 22, 2004
    anyone know how to stop if from logging to the terminal (tty1?)
  • Gravatar - autoquartz
    autoquartz 08:17, April 24, 2004
    How about Plesk 7 Server?
  • Gravatar - BAMF
    BAMF 22:26, April 26, 2004
    Make sure to add port #3306 to IG_TCP_CPORTS if you want to remotely administer your database.
  • Gravatar - Scott
    Scott 00:17, May 11, 2004
    Im kinda a newbie at this I use 4 diff Ipadresses on my machine could someone tell me how to add in so all the ip's use the same rights. Last firewall I tried blocked all my other Ip's on all ports thanx
  • Gravatar - chris
    chris 03:52, May 14, 2004
    How do you block an Ip in APF?
  • Gravatar - Steve
    Steve 17:03, May 27, 2004
    To block and IP in APF go to /etc/apf and pico deny_hosts.conf. Scroll down and add the IP addresses you need to block, each on a separate line. Comments with more details are in the file.
  • Gravatar - Anton
    Anton 10:48, June 1, 2004
    Guys, what about ports for passive ftp?
  • Gravatar - Colin Myerscough
    Colin Myerscough 16:13, June 2, 2004
    I can not use this firewall because does not exist and I can not get the block.txt from there. Who can help me
  • Gravatar - Tim Rice
    Tim Rice 19:55, June 7, 2004
    APF is great, except I sometimes have a hard time taking out a chain. For an example, I have the following loaded in the chain:
    32 DROP all -- anywhere

    I have tried to remove this, but can't for some strange reason. Is there a file that I can edit?
  • Gravatar - Khurrum Maqbool
    Khurrum Maqbool 03:04, June 10, 2004
    I had to open port 2089 because it was having problems with the license. Apparently cpanel needs the license sync port 2089 not only for incoming but also for outgoing traffic open
  • Gravatar - Janos
    Janos 21:15, June 17, 2004
    I get an error message when I want to start APF: /usr/local/sbin/apf: line 1: ifconfig: command not found . What's wrong here?
  • Gravatar - For Janos from WHG
    For Janos from WHG 20:05, June 18, 2004
    Run: cat /etc/apf/VERSION<br />
    You should see version: 0.9.3-rev3<br />
    <br />
    Then before you run any APF commands make sure you're logged in as the root environment: su - <br />
    <br />
    Make sure you use the "-" otherwise you won't be in the environment, this is why you're getting the error message I'm fairly sure.
  • Gravatar - DJALPHA
    DJALPHA 20:01, June 20, 2004
    Which is correct? 3000_3500 or 30000_35000 ? <br />
    Please check how to thx.
  • Gravatar - reanncw
    reanncw 17:39, June 21, 2004
    i get this,<br />
    <br />
    /etc/apf/vnet/vnetgen: ip: command not found<br />
    lsmod: QM_MODULES: Function not implemented<br />
    <br />
    iptables v1.2.6a: unknown protocol `ipv6-crypt' specified<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables: No chain/target/match by that name<br />
    iptables: No chain/target/match by that name<br />
    iptables: No chain/target/match by that name<br />
  • Gravatar - Khurrum Maqbool
    Khurrum Maqbool 03:13, July 16, 2004
    Also port 873 ingress is needed for Rsync... this is needed for /scripts/easyapache
  • Gravatar - Gareth
    Gareth 13:17, August 2, 2004
    Is APF compatible with FreeBSD?
  • Gravatar - Andy
    Andy 15:57, August 11, 2004
    error as follows<br />
    <br />
    iptables v1.2.9 invalild TCP / Port Service '=21' specified<br />
    <br />
    Try `iptables -h' or 'iptables --help' for more information<br />
    <br />
  • Gravatar - Bob
    Bob 16:56, August 30, 2004
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?
  • Gravatar - Sun Joo
    Sun Joo 13:46, October 20, 2004
    After APF started, the sites are not accessed from the browser. The moment I stop APF, then sites are loaded. What am I missing ? Any clue ? Thanks.
  • Gravatar - JLchafardet
    JLchafardet 18:51, November 2, 2004
    does this tutorial have ever been tested on RHEL ES3 Plesk Reloaded based servers?
  • Gravatar - Caz
    Caz 03:41, December 18, 2004
    I get "unknown host" when doing apf -r. Anyone know why?
  • Gravatar - Mtrafox
    Mtrafox 19:28, January 21, 2005
    Hy.<br />
    After I installed APF, I have some problems.<br />
    When I get the mail from BDF, that someone atack my one of virtual IP, and I ceck with ifconfig, my virtual interface is down. Some time all of my virtual interface are down. Anyone know how to fix this ?
  • Gravatar - Randall_James
    Randall_James 13:05, January 29, 2005
    chris <br />
    How do you block an Ip in APF? <br />
    <br />
    apf -d 12.345.67.89 <br />
    ----------------------<br />
    Bob and Caz<br />
    When I start the firewall I get a series of "uknown host" comments. What is this from and should I be concerned?<br />
    <br />
    Check the deny_host.rules, there is probably a bad entry in the bottom half of file<br />
    ________________________<br />
    INSTALL NOTE:<br />
    During the final phase of install you will recieve some output to screen, this will list the current listening ports! Generally these are going to be need added to the allowed ports in the conf.apf file. Also monitored services need open ports (eg, ThePlanet) check with your datacenter for a list of these ports.<br />
    <br />
  • Gravatar - Jafar
    Jafar 08:13, February 8, 2005
    hello ,,<br />
    I have got a question ..I want your help for me please in this problem ..<br />
    <br />
    Sometime : Network error(tcp_error) A communication error occurred: "Operation timed out"<br />
    Sometime : operatio timed out<br />
    Sometime : The page cannot be displayed<br />
    Sometime : Problem Report<br />
    <br />
    Some of the tracts is not able to the entry this talk is visible to them by higher<br />
    An example ( UAE emirates . Syria . Egypt ..<br />
    <br />
    this problem From , "Fairwell APF"<br />
    <br />
    Stop the program of the protection "APF" they are able to the entry (/usr/local/sbin/apf -f"<br />
    Start,run the program of the protection "APF" They are not able to the entry (/usr/local/sbin/apf -s)<br />
    <br />
    <br />
    what's I want do on a this <br />
    By start this the problems From about 25 days .<br />
    <br />
    thanks . I hope your help
  • Gravatar - apfwannabe
    apfwannabe 01:38, April 22, 2005
    how much memory and cpu usage does APF consumes?<br />
    <br />
    i have a vps with 199mb running whm/cpanel and has average load of 75% mem and 1 cpu load.<br />
    <br />
    will apf makes the server unstable considering my current vps resources<br />
    above?<br />
  • Gravatar - Henry
    Henry 03:59, April 23, 2005
    Hello,<br />
    <br />
    I got this error during installation, please help,<br />
    <br />
    Other Details:<br />
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory<br />
    Imported options from 0.9.4-6 to 0.9.5-1.<br />
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig<br />
    root@host [~/downloads/apf-0.9.5-1]# ./<br />
    Installing APF 0.9.5-1: Completed.
  • Gravatar - need-help
    need-help 12:01, May 2, 2005
    unknow host
  • Gravatar - Matt
    Matt 19:35, June 10, 2005
    I installed this successfully but then it locked me out! It blocked all IP's and I wasn't even able to get in via SSH - what do I have to mod for this to work? I had to have my datacenter disable firewall so I could have remote access again...
  • Gravatar - Tedd
    Tedd 11:44, July 25, 2005
    I cant seem to configure this properly so that I can take it out of test mode. When running I cannot access my website.<br />
    <br />
    I using WMH with cPanel. I got it installed okay. But no matter how I configure the options, Im denied from the website.<br />
    <br />
    Any ideas?
  • Gravatar - Tapan
    Tapan 20:02, July 25, 2005
    Hi,<br />
    <br />
    When i did all i got this and its not working:<br />
    <br />
    /usr/local/sbin/apf -s<br />
    eth0: error fetching interface information: Device not found<br />
    eth0: error fetching interface information: Device not found<br />
    eth0: error fetching interface information: Device not found<br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    /etc/apf/firewall: line 1: /sbin/lsmod: No such file or directory<br />
    Unable to load iptables module (ip_tables), aborting.<br />
    <br />
  • Gravatar - Ankush
    Ankush 20:35, August 16, 2005
    Please update the article to match the latest version settings of apf. The new apf has lot of new features.
  • Gravatar - Liam Glanfield
    Liam Glanfield 20:21, August 17, 2005
    This was very detailed and spot on but I think I may have done somthing wrong. I have cpanel so used there port numbers given above. When i get to the part apf -s it works ok but I get "wget comand not found, try usinf wget --help for more info..." yet if I do apf -st it says it is working?! is this normal ??
  • Gravatar - Starfinder
    Starfinder 13:01, September 6, 2005
    Matt, Are you running SSH on a port other than 22? If so, you must also allow connections to this port.
  • Gravatar - nowayout
    nowayout 11:11, December 3, 2005
    root@server1 [~/downloads]# /usr/local/sbin/apf -s<br />
    iptables v1.2.11: host/network `' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `' not found<br />
    Try `iptables -h' or 'iptables --help' for more information.<br />
    iptables v1.2.11: host/network `' not found<br />
    Try `iptables -h' or 'iptables --help' for more information<br />
    <br />
    How I could fix that ?
  • Gravatar - Buddah
    Buddah 07:14, December 11, 2005
    Hmm, now my webpages won't load, ftp/plesk/ssh all work fine but websites won't load :-?
  • Gravatar - Fernando
    Fernando 06:43, January 24, 2006
    APF is dieing right after I call it. I don't know why. In logs I can only see:<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} loading postroute.rules<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (egress) output accept<br />
    Jan 24 00:42:13 nocserver apf(28525): {glob} default (ingress) input drop<br />
    Jan 24 00:42:13 nocserver apf(28488): firewall initalized<br />
    <br />
    Do you know why?
  • Gravatar - NOTSUPPORT
    NOTSUPPORT 23:23, January 30, 2006
  • Gravatar - Cleber
    Cleber 06:53, February 12, 2006
    How to install APF in 2 or more interfaces?<br />
    <br />
    ex: eth0, eth0.1 and others
  • Gravatar - Rainer
    Rainer 22:50, February 14, 2006
    Howto config NAT (iptable) with APF?
  • Gravatar - Morons
    Morons 23:23, March 6, 2006
    this isn't a support page, go elsewhere! This is just about one of the easiest monitoring software out there.
  • Gravatar - Luis
    Luis 03:12, March 15, 2006
    If you have Cpanel be sure to also open port 26 if you have a copy of exim on that port for the clients that have isp's that block 25
  • Gravatar - enes
    enes 23:06, April 4, 2006
    when using smbmount command with APF, smbmount does not working and gives "/bin/ls: .: Stale NFS file handle" error. <br />
    <br />
    to solve this problem, use this;<br />
    <br />
    ./apf -a OTHER_SERVER_IP<br />
    ./apf -r
  • Gravatar - Fred
    Fred 07:22, May 3, 2006
    I see cpanel is spoken about as it relates to this error but I am using monsterconls would it make a different.<br />
    <br />
    lsmod: QM_MODULES: Function not implemented Unable to load iptables module (ip_tables), aborting.<br />
    <br />
    I am have DDOS and install apf but can't get to load.<br />
    <br />
    Any help would be welcomed -THANKSl
  • Gravatar - Steve
    Steve 16:51, June 5, 2006
    I get installed the apf on server but cannot control the DDOS attack.<br />
    Please let us know what to do.<br />
    I have configured everything.<br />
    The attack is now going on.
  • Gravatar - Calvin
    Calvin 18:41, June 14, 2006
    How to remove this firewall after installation ?<br />
    <br />
    Regards,<br />
  • Gravatar - Calvin Phan
    Calvin Phan 19:11, June 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Gravatar - Steve
    Steve 23:37, June 19, 2006
    rm -fv /etc/cron.daily/fw<br />
    chkconfig --del apf<br />
    rm -frv /etc/apf<br />
  • Gravatar - Muhammad Sajjad
    Muhammad Sajjad 15:28, June 23, 2006
    i need ur help about configuring firewall on routers. please provide me some notes or tutorials.
  • Gravatar - FD
    FD 19:56, July 8, 2006
    APF simply does not work correctly with 2.6 kernels due to module name changes and incompatibilities. You get the "Unable to load iptables module (ipt_state), aborting" message<br />
    <br />
    Setting "MONOKERN" to 1 is not a solution as it causes problems with passive FTP (amongst others) and (as mentioned in the script) is NOT supported.<br />
    <br />
    I have searched everywhere for a fix, but nothing is suitable. I have uninstalled APF and will wait for a release that addresses this issue.
  • Gravatar - M0Dy
    M0Dy 19:38, July 14, 2006
    How to uninstall (remove) this APF firewall ?
  • Gravatar - Nemesiz
    Nemesiz 22:31, July 16, 2006
    remove /etc/apf dir. APF - its only a script to make firewall rukes, not firewall.
  • Gravatar - Fidoxd
    Fidoxd 12:12, August 5, 2006
    Is normal this log?<br />
    <br />
    ago 05 11:55:01 server2 apf(31989): flushing & zeroing chain policies<br />
    ago 05 11:55:01 server2 apf(31989): firewall offline<br />
    ago 05 12:00:03 server2 apf(32043): flushing & zeroing chain policies<br />
    ago 05 12:00:03 server2 apf(32043): firewall offline<br />
  • Gravatar - David Yasmineh
    David Yasmineh 18:53, August 10, 2006
    heres the issue....APF / BFD are really nice if you have a fixed IP that you use to access your server from. <br />
    <br />
    The thing is i get a million unauthorized login attempts a month. I read about this script called PYTHON SCRIPT which would automatically block the attacking ip address for a period of time if it failed to authorize more than 3 times for example.<br />
    <br />
    Now APF / BFD do the same?????<br />
    <br />
    Please let me know, email me<br />
    <br /><br />
    <br />
    kind of urgent for me pls.<br />
    <br />
  • Gravatar - Daniel
    Daniel 15:33, September 2, 2006
    Hi,<br />
    <br />
    I cant start my firewall..<br />
    <br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    Unable to load iptables module (ipt_state), aborting.<br />
    <br />
    Please help..
  • Gravatar - el
    el 14:55, September 19, 2006
    i tried to install on debian ...<br />
    cp: cannot create regular file `/etc/rc.d/init.d/apf': No such file or directory<br />
    <br />
    debian doesn't have an /etc/rc.d/init.d directory. I assume that I should just edit the install script to point to /etc/init.d ?
  • Gravatar - Joe
    Joe 13:52, November 19, 2006
    APF & BFD both installed successfully and apparently working correctly except for two issues.<br />
    <br />
    1/ No email alerts are being received (I have configured as per instructions)<br />
    <br />
    2/ For AntiDOS for APF the file /var/log/apfados_log is missing.<br />
    <br />
    Finally, how do I set the time during which a brute attack is allowed before being stopped. For instance, my server was under attack for 10 minutes during which time a huge number of attempts were made before being stopped. How do I reduce this time or preferably set a number of instances (5 perhaps) before an attack is stopped.<br />
    <br />
    Thanks<br />
    <br />
  • Gravatar - Alan
    Alan 00:31, November 23, 2006
    Antidos is intended to operate via cron. This is a critical setup point as if<br />
    not done, antidos will simply not operate.<br />
    <br />
    The following string can be placed into /etc/crontab or similar file:<br />
    */2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1<br />
    <br />
    This will run antidos every two minutes. I dont recommend running it once a<br />
    minute as it may cause a bottleneck for itself and the CPU. Likewise running it<br />
    beyound a period of once every 5 minutes is not recommended either, for obviouse<br />
    reasons.<br />
  • Gravatar - Jeff
    Jeff 18:26, December 12, 2006
    Port 37 also needs to be open on Cpanel servers. The rdate function uses 37 to connect to the time servers
  • Gravatar - Steve
    Steve 00:31, February 12, 2007
    APF Plesk Ports<br />
    <br />
    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"<br />
    IG_UDP_CPORTS="37,53,873"<br />
    <br />
    EGF="1"<br />
    EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"<br />
  • Gravatar - Raptor
    Raptor 03:22, February 16, 2007
    Great How to! Worked 1st time.
  • Gravatar - Steve
    Steve 23:23, April 28, 2007
    I cant start my firewall..<br />
    <br />
    Development mode enabled!; firewall will flush every 5 minutes.<br />
    Unable to load iptables module (ipt_state), aborting.<br />
    <br />
    any ideas ?
  • Gravatar - Beth
    Beth 13:31, May 1, 2007
    Has anyone gotten this to work to deny traffic from hosts that are perpetrating dictionary attacks against an FTP server? For example, several times a week, we have people running a database of usernames against our ftp servers. Sometimes, so much that my logs are 15-50 MB larger from logging the attempts. It would be great if we could stop a user at 5 attempts or so. The FTP server itself stops the user after 3 failed logins, but they go on with more from the list, so it could end up being thousands of names.<br />
    <br />
    Thanks!<br />
  • Gravatar - binoy
    binoy 03:16, June 11, 2007
    How can I unblock an ip through apf.<br />
    <br />
    email me at
  • Gravatar - Senthil
    Senthil 04:43, July 18, 2007
    Are there any ways in adding apf in whm panel (doing all the operations in the whm panel)?.
  • Gravatar - Rich
    Rich 02:16, November 16, 2007
    Is this guide still current? I only ask because it was 3 years ago that this article was originally published. Have any instructions changed?
  • Gravatar - Shaun
    Shaun 10:52, December 12, 2007
    Works fine as of December 2007
  • Gravatar - vinyas
    vinyas 16:18, January 19, 2008
    Works super as of January 2008
  • Gravatar - Valeriu Palos
    Valeriu Palos 13:34, February 12, 2008
    This tool also runs beautifully on Ubuntu based machines (maybe even Debian) using this patch:<br />
    <br />
  • Gravatar - pankaj dhingra
    pankaj dhingra 06:53, March 7, 2008
    cannot stat `/etc/apf.bk.last/vnet/*.rules': <br />
    <br />
    facing this problem while installing apf
  • Gravatar - devil2005
    devil2005 13:28, April 13, 2008
    i issue the command apf -d . and also another ipddress for a webproxy to see if apf blocks it . but it doesnt . i have doen apf -r . and the webpage is still displayed to the blocked hosts . whats wrong
  • Gravatar - Milos
    Milos 23:20, June 8, 2008
    Starting with version 0.9.6-3 APF completely replaced Antidos with RAB (Reactive Address Blocking). So there is no more additional AntiDos cron job, everything is managed by APF and the RAB options are in conf.apf as expected.<br />
    <br />
    It would be nice that you update this tutorila. :)
  • Gravatar - Albert
    Albert 15:28, January 5, 2009
    i have some probs.. :<br />
    <br />
    root@viper [/apf-9.6-5]# ./<br />
    Installing APF 9.6-5: eth0: error fetching interface information: Device not found<br />
    Completed.<br />
    <br />
    Installation Details:<br />
    Install path: /etc/apf/<br />
    Config path: /etc/apf/conf.apf<br />
    Executable path: /usr/local/sbin/apf<br />
    <br />
    Other Details:<br />
    eth0: error fetching interface information: Device not found<br />
    cp: cannot stat `/etc/apf.bk.last/vnet/*.rules': No such file or directory<br />
    Imported options from 9.6-5 to 9.6-5.<br />
    Note: Please review /etc/apf/conf.apf for consistency, install default backed up to /etc/apf/conf.apf.orig<br />
    <br />
    i'm using : <br />
    <br />
    cPanel 11.24.4-R32603 - WHM 11.24.2 - X 3.9<br />
    CENTOS 5.2 i686 on virtuozzo<br />
    Ethernet Device : venet0:0
  • Gravatar - petrepaul
    petrepaul 17:39, May 7, 2009
    when i do nano /etc/apf/ad/conf.antidos <br />
    <br />
    or pico /etc/apf/ad/conf.antidos<br />
    <br />
    creates a new file? everything else installed and works fine, any suggestions?<br />
    <br />
    really need to update this information with current version apf-9.7-1 <br />
  • Gravatar - bazzii
    bazzii 16:00, June 22, 2009
    I had a problem..<br />
    <br />
    In my site RSS feeds are there.. When I stop APF it works just fine.. But when start it, the RSS feed doesn't work. I had tried to flush it,<br />
    <br />
    # service iptables stop<br />
    # iptables -F<br />
    # service iptables save<br />
    # service iptables start<br />
    <br />
    But the rules are still comin in ?... Hoe do I flush this rules ?<br />
    <br />
    Any help appreciated !!
  • Gravatar - David Yasmineh
    David Yasmineh 05:57, June 8, 2010
    waw...2006...almost 5 years and i come accross this site again...

Add Your Thoughts is a hosting directory, not a web host.

Copyright © 1998-2019