This article explains how to quickly install and configure APF (Advanced Policy Firewall) for Linux.
These commands will install APF:
wget http://www.rfxn.com/downloads/apf-current.tar.gz
gzip -d apf-current.tar.gz
tar -xvf apf-current.tar
cd apf*
sh install.sh
Open the configuration file:
nano /etc/apf/conf.apf
# To keep the firewall running (with DEVEL_MODE="1" a cron job flushes the rules every 5 minutes)
Change DEVEL_MODE="1" to DEVEL_MODE="0"
# To allow TCP window scaling
Change SYSCTL_TCP="1" to SYSCTL_TCP="0"
Modify:
IG_TCP_CPORTS="22"
and
IG_UDP_CPORTS=""
to include the inbound TCP and UDP ports you need open. Separate multiple ports with commas.
Type 'service apf start' to start APF.
Note:
If you are running vsftpd, configure it to use a specific port range for PASV FTP in vsftpd.conf, and then allow those ports through the firewall as shown below.
pasv_enable=YES
pasv_min_port=9000
pasv_max_port=9050
In the above example PASV FTP will use ports 9000-9050, so you could specify that range as 9000_9050 in the IG_TCP_CPORTS setting in APF (APF writes a port range with an underscore).
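The settings above have to agree across two files, so the following added example (not part of the original article and not code from APF or vsftpd) cross-checks them: it confirms DEVEL_MODE is 0, that the PASV minimum is not above the maximum, and that every PASV port is covered by IG_TCP_CPORTS. The function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from APF or vsftpd): cross-check the two config files.

# conf_get FILE KEY: print the value of the last active KEY=VALUE line, quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# port_allowed PORT LIST: succeed if PORT matches an entry of an APF port list
# (comma-separated; a range is written low_high, for example 9000_9050).
port_allowed() {
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        lo=${entry%%_*}; hi=${entry##*_}
        if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs; return 1
}

# check_apf_ftp APF_CONF VSFTPD_CONF: print findings, return the number of problems.
check_apf_ftp() {
    problems=0
    [ "$(conf_get "$1" DEVEL_MODE)" = "0" ] || { echo "DEVEL_MODE is not 0"; problems=$((problems + 1)); }
    min=$(conf_get "$2" pasv_min_port); max=$(conf_get "$2" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ] || [ "$min" -gt "$max" ]; then
        echo "invalid PASV range: min=$min max=$max"; return $((problems + 1))
    fi
    ports=$(conf_get "$1" IG_TCP_CPORTS); p=$min
    while [ "$p" -le "$max" ]; do
        port_allowed "$p" "$ports" || { echo "PASV port $p missing from IG_TCP_CPORTS"; problems=$((problems + 1)); break; }
        p=$((p + 1))
    done
    return "$problems"
}

# write_samples DIR: constructed sample files standing in for the real configs.
write_samples() {
    printf 'DEVEL_MODE="0"\nIG_TCP_CPORTS="22,9000_9050"\n' > "$1/conf.apf"
    printf 'pasv_enable=YES\npasv_min_port=9000\npasv_max_port=9050\n' > "$1/vsftpd.conf"
}

# Demo on the constructed files; on a server pass /etc/apf/conf.apf and your vsftpd.conf.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
if check_apf_ftp "$demo_dir/conf.apf" "$demo_dir/vsftpd.conf"; then echo "configs agree"; fi
rm -rf "$demo_dir"
```

Run the check before 'service apf start' so a mismatched PASV range shows up as a finding rather than as failed FTP transfers.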
I hope this was useful to you.
