FIREWALL

Download APF from the following link and unpack it:

# wget http://www.rfxnetworks.com/downloads/apf-current.tar
# tar -xf apf-current.tar
# cd apf*
# ./install.sh

Edit the following settings in the config file:

vim /etc/apf/conf.apf

Configure inbound (ingress) accepted services:

IG_TCP_CPORTS="25,80,443"

# Configure outbound (egress) accepted services.

EGF="1"    --> enable egress filtering: outbound traffic is blocked except for the ports listed below

EG_TCP_CPORTS="25,43"    --> TCP exceptions for outbound traffic

EG_UDP_CPORTS="20,21,53"    --> UDP exceptions for outbound traffic

vim /etc/apf/allow_hosts.rules    --> edit this file to allow specific inbound/outbound traffic

tcp:in:d=22:s=192.168.5.0/24    --> allow inbound traffic to port 22 from 192.168.5.0/24

tcp:out:d=22:d=192.168.5.0/24   --> allow outbound traffic to port 22 on 192.168.5.0/24

Start APF:

# apf -s

This starts APF in development mode, i.e. the rules are flushed automatically after 5 minutes, so a mistake in the rule set cannot lock you out permanently.

If your firewall is working fine, disable development mode:

edit /etc/apf/conf.apf

DEVEL_MODE="0"

Now Restart APF:

apf -r
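The edits above are all of the form KEY="VALUE" in conf.apf plus one line per entry in allow_hosts.rules. The following helpers, added here as an example and not part of the original post or of the APF project, apply such settings idempotently and check an allow_hosts.rules entry before APF loads it. The rule syntax assumed is the proto:flow:[s|d]=port:[s|d]=address[/prefix] form shown in the entries above; the functions take the file as an argument so they can be tried on a scratch copy instead of /etc/apf.

```shell
#!/bin/sh
# Added example, not part of the original post or of the APF project: helpers
# for the conf.apf and allow_hosts.rules edits described above. Every
# function takes the file as its first argument so it can be exercised on a
# scratch copy before touching /etc/apf.

# apf_set FILE KEY VALUE: write KEY="VALUE", replacing an existing assignment
# or appending one if the key is absent. KEY is an APF variable name
# (letters, digits, underscore); VALUE is a flag or port list as in conf.apf.
apf_set() {
    file=$1 key=$2 value=$3
    tmp="${file}.tmp.$$"
    if grep -q "^${key}=" "$file"; then
        sed "s|^${key}=.*|${key}=\"${value}\"|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s="%s"\n' "$key" "$value" >> "$file"
    fi
}

# apf_get FILE KEY: print the value of KEY with the surrounding quotes
# stripped (empty output if the key is not set).
apf_get() {
    sed -n "s/^$2=\"*\([^\"]*\)\"*.*/\1/p" "$1" | tail -n 1
}

# apf_check_rule RULE: validate an allow_hosts.rules entry of the assumed form
#   proto:flow:[s|d]=port:[s|d]=address[/prefix]
# Returns 0 when the entry is well-formed, 1 otherwise.
apf_check_rule() {
    rule=$1
    proto=${rule%%:*}; rest=${rule#*:}
    flow=${rest%%:*};  rest=${rest#*:}
    port=${rest%%:*};  addr=${rest#*:}
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $flow  in in|out)  ;; *) return 1 ;; esac
    echo "$port" | grep -Eq '^[sd]=[0-9]{1,5}$' || return 1
    echo "$addr" | grep -Eq '^[sd]=([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    return 0
}

# apf_devel_mode FILE: returns 0 when DEVEL_MODE is still "1", i.e. APF will
# flush its rules a few minutes after every start.
apf_devel_mode() {
    [ "$(apf_get "$1" DEVEL_MODE)" = 1 ]
}

# Demonstration on a constructed scratch file (not a real conf.apf).
demo() {
    conf=$(mktemp)
    printf '%s\n' 'DEVEL_MODE="1"' 'IG_TCP_CPORTS="22"' 'EGF="0"' > "$conf"
    apf_set "$conf" IG_TCP_CPORTS "25,80,443"
    apf_set "$conf" EGF 1
    apf_set "$conf" EG_TCP_CPORTS "25,43"
    apf_set "$conf" EG_UDP_CPORTS "20,21,53"
    apf_devel_mode "$conf" && echo "DEVEL_MODE still on: rules will be flushed after a few minutes"
    apf_set "$conf" DEVEL_MODE 0
    cat "$conf"
    for r in "tcp:in:d=22:s=192.168.5.0/24" "tcp:out:d=22:d=192.168.5.0/24" \
             "tcp:in:d=22:s=192.168.5.0/24:extra"; do
        if apf_check_rule "$r"; then echo "ok   $r"; else echo "BAD  $r"; fi
    done
    rm -f "$conf"
}
demo
```

Run it as-is to see the scratch file after the edits and the verdict on each rule; point the functions at /etc/apf/conf.apf and /etc/apf/allow_hosts.rules once the output looks right, and run apf -r afterwards so the new rules are loaded. The apf_devel_mode check is the one worth keeping around: a box whose firewall silently flushes itself every few minutes because DEVEL_MODE was never turned off looks protected but is not.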

Other information:

USE_DS="0" to USE_DS="1"

APF can make use of the DShield (DS) block list. This works a little like spam blocklists such as SPEWS: it lists the most commonly abused networks and those most often used in denial-of-service attacks and similar.

USE_AD="0" to USE_AD="1"

Setting USE_AD="1" enables the AntiDOS feature, which is still in beta at the time of this writing. The README says: "Antidos is a log parsing script made for r-fx.org's APF (advanced policy firewall). Its purpose is to parse specific log formats for network attacks against a given system; then take certain actions. It is designed to be modular so it can be removed from APF and used in other environments."

AntiDOS Configuration
=======================

i) Open up /etc/apf/ad/conf.antidos

ii) Change LP_KLOG="0" to LP_KLOG="1"

iii) CONAME="Your Company"

Enter your company name within quotes, for example CONAME="LunarPages"

iv) USR_ALERT="0" to USR_ALERT="1"

Change it to 1 only if you wish to receive email alerts.

v) USR="you@yourco.com"

Enter your email address here, in quotes as in (iii).

vi) Antidos is intended to operate via cron. This is a critical setup step: if it is not done, antidos will simply not run.

Add the following entry with:

crontab -e

*/2 * * * * /etc/apf/ad/antidos -a >> /dev/null 2>&1

This runs antidos every two minutes. (A user crontab edited with crontab -e takes the five schedule fields followed directly by the command; the extra user-name field, root, is only valid in /etc/crontab or a file under /etc/cron.d, and in a user crontab it would be executed as the command.)
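Because the six-field /etc/crontab form and the five-field crontab -e form look almost alike, it is worth linting a line before installing it. The function below is an added example, not part of the original post or of APF: it checks that a line meant for crontab -e has five numeric or * schedule fields and that the command starts with an absolute path, which is exactly what catches a stray user-name field.

```shell
#!/bin/sh
# Added example, not part of the original post or of APF: lint a crontab line
# before installing it with `crontab -e`. A user crontab has exactly five
# schedule fields followed by the command; the six-field form with a user
# name belongs only in /etc/crontab or /etc/cron.d. Returns 0 when the line
# is suitable for `crontab -e`, otherwise prints the reason and returns 1.
# Only numeric fields, ranges, steps and lists are recognised, not names
# such as "mon" or "jan".
cron_line_check() {
    line=$1
    # Disable globbing while splitting, otherwise a bare * in the schedule
    # would expand to the files in the current directory.
    set -f; set -- $line; set +f
    [ $# -ge 6 ] || { echo "too few fields: need 5 schedule fields and a command"; return 1; }
    i=1
    for field in "$1" "$2" "$3" "$4" "$5"; do
        echo "$field" | grep -Eq \
            '^(\*|[0-9]+(-[0-9]+)?)(/[0-9]+)?(,(\*|[0-9]+(-[0-9]+)?)(/[0-9]+)?)*$' \
            || { echo "bad schedule field $i: $field"; return 1; }
        i=$((i + 1))
    done
    shift 5
    case $1 in
        /*) ;;
        *) echo "command must start with an absolute path, got '$1' (a user name here means the line was written for /etc/crontab)"
           return 1 ;;
    esac
    return 0
}

# Constructed sample lines: the correct crontab -e entry and the /etc/crontab
# style line with a user-name field.
for l in '*/2 * * * * /etc/apf/ad/antidos -a >> /dev/null 2>&1' \
         '*/2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1'; do
    if cron_line_check "$l"; then echo "OK : $l"; else echo "BAD: $l"; fi
done
```

The redirections in the sample lines are passed as ordinary words because the function only word-splits the string; nothing in the line is executed. After installing the entry, confirm it is actually present with crontab -l as root, since a typo in the schedule is the usual reason an antidos setup never fires.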
