wget http://www.r-fx.ca/downloads/apf-current.tar.gz
tar -zxvf apf-current.tar.gz
cd apf-0.9.6-2
./install.sh
vi /etc/apf/conf.apf
Here is the general configuration needed to get the firewall running and to block or open the default ports. For everything else, read the README file.
First, enable the DShield.org block list of suspicious networks: in the config file, change the option USE_DS="0" to USE_DS="1".
Common ingress (inbound) ports:
# Common ingress (inbound) TCP ports
# -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,995"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports:
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
CPanel Configuration
Common ingress (inbound) ports:
# Common ingress (inbound) TCP ports
# -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"
Common egress (outbound) ports:
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
Now start the firewall:
/etc/apf/apf -s
vi /etc/apf/ad/conf.antidos
You can configure a lot of things there, but we will just enable the email alert option.
# Organization name to display on outgoing alert emails
CONAME="Your Company"
# Send out user defined attack alerts [0=off,1=on]
USR_ALERT="1"
#
# User for alerts to be mailed to
USR="you@yourco.com"
Restart the firewall so the new settings take effect, and enable it at boot:
/etc/apf/apf -r
chkconfig --level 2345 apf on
To deny an IP use:
/etc/apf/apf -d ip notes
You can also do this by editing /etc/apf/deny_hosts.rules (vi /etc/apf/deny_hosts.rules) to deny hosts.
To allow an ip use:
/etc/apf/apf -a ip notes
You can also do this by editing /etc/apf/allow_hosts.rules (vi /etc/apf/allow_hosts.rules) to allow hosts.