Download APF from the following link, unpack it and run the installer:
# wget http://www.rfxnetworks.com/downloads/apf-current.tar
# tar -xf apf-current.tar
# cd apf*
# ./install.sh
Edit the following settings in the config file:
# vim /etc/apf/conf.apf
Configure inbound (ingress) accepted services:
IG_TCP_CPORTS="25,80,443"
Configure outbound (egress) accepted services:
EGF="1"                  --> enable this if you want to filter outbound traffic (everything not listed below is blocked)
EG_TCP_CPORTS="25,43"    --> exceptions for outbound traffic (TCP ports allowed out)
EG_UDP_CPORTS="20,21,53" --> exceptions for outbound traffic (UDP ports allowed out)
# vim /etc/apf/allow_hosts.rules   --> edit this file to allow inbound/outbound traffic for specific hosts
tcp:in:d=22:s=192.168.5.0/24       --> allow inbound traffic to port 22 from 192.168.5.0/24
tcp:out:d=22:d=192.168.5.0/24      --> allow outbound traffic to port 22 on 192.168.5.0/24
Start APF:
# apf -s
This starts APF in development mode, i.e. the firewall rules are flushed automatically after 5 minutes, so a mistake in the rules cannot lock you out of the machine for good.
If your firewall is working fine, disable development mode:
# vim /etc/apf/conf.apf
DEVEL_MODE="0"
Now restart APF:
# apf -r
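Before apf -r commits the rules it is worth checking what was typed into the two files above. The script below is an added example, not part of APF or of this tutorial. It assumes that allow_hosts.rules uses only the proto:flow:port:host forms shown above (tcp or udp; "in" paired with a source host s=, "out" with a destination host d=; a simplified view of APF's grammar) and that conf.apf keys are written KEY="value" with plain ASCII double quotes, which is what the shell-style parser in APF expects. The rules and config lines it runs on are constructed samples.

```shell
#!/bin/sh
# Added example (not APF's own code): lint allow_hosts.rules and conf.apf
# before "apf -r" commits them. Assumptions: allow_hosts.rules uses the
# proto:flow:port:host form shown in the tutorial, and conf.apf values are
# written KEY="value" with plain ASCII double quotes.

# apf_rule_ok RULE
#   Exit 0 when RULE is proto:flow:port:host with proto tcp|udp, flow in|out,
#   port s=N or d=N (1..65535), and a host side that matches the flow:
#   "in" pairs with a source host (s=), "out" with a destination host (d=).
#   Simplified check covering the forms used above, not APF's full grammar.
apf_rule_ok() {
  rule=$1
  case "$rule" in *:*:*:*) ;; *) return 1 ;; esac   # four fields required
  proto=${rule%%:*}; rest=${rule#*:}
  flow=${rest%%:*};  rest=${rest#*:}
  port=${rest%%:*};  host=${rest#*:}

  case "$proto" in tcp|udp) ;; *) return 1 ;; esac
  case "$flow" in
    in)  case "$host" in s=*) ;; *) return 1 ;; esac ;;
    out) case "$host" in d=*) ;; *) return 1 ;; esac ;;
    *)   return 1 ;;
  esac

  case "$port" in s=*|d=*) ;; *) return 1 ;; esac
  n=${port#?=}
  case "$n" in ''|*[!0-9]*) return 1 ;; esac
  [ "$n" -ge 1 ] && [ "$n" -le 65535 ]
}

# apf_lint_rules < allow_hosts.rules
#   Print every malformed rule; exit 0 when the file is clean. Blank lines
#   and "#" comments are skipped, as APF itself skips them.
apf_lint_rules() {
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|\#*) continue ;; esac
    apf_rule_ok "$line" || { printf 'bad rule: %s\n' "$line"; bad=$((bad + 1)); }
  done
  [ "$bad" -eq 0 ]
}

# apf_conf_value KEY < conf.apf
#   Print the value of KEY, but only when the line is KEY="value" with
#   ASCII double quotes; a line with word-processor quotes, as pasted from a
#   web page, yields nothing. The last assignment wins, as in the shell that
#   sources conf.apf.
apf_conf_value() {
  sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" | tail -n 1
}

# apf_conf_ready < conf.apf
#   Exit 0 only when DEVEL_MODE is "0" (rules will not be flushed after five
#   minutes) and EGF parses as "0" or "1"; explain each failure on stdout.
apf_conf_ready() {
  conf=$(cat)
  rc=0
  devel=$(printf '%s\n' "$conf" | apf_conf_value DEVEL_MODE)
  egf=$(printf '%s\n' "$conf" | apf_conf_value EGF)
  if [ "$devel" != "0" ]; then
    printf 'DEVEL_MODE=%s: not "0", rules will be flushed after 5 minutes\n' "${devel:-<unparsed>}"
    rc=1
  fi
  case "$egf" in
    0|1) ;;
    *) printf 'EGF=%s: missing, badly quoted or not 0/1\n' "${egf:-<unparsed>}"; rc=1 ;;
  esac
  return $rc
}

# Demonstration on constructed input. The third rule is the slip that is easy
# to make when an inbound rule is copied and edited into an outbound one.
printf '%s\n' 'tcp:in:d=22:s=192.168.5.0/24' \
              'tcp:out:d=22:d=192.168.5.0/24' \
              'tcp:in:d=22:d=192.168.5.0/24' | apf_lint_rules \
  || echo 'fix allow_hosts.rules before running apf -r'
```

On a live box the three functions chain naturally: apf_conf_ready < /etc/apf/conf.apf && apf_lint_rules < /etc/apf/allow_hosts.rules && apf -r, so the restart only happens when development mode is really off and no rule contradicts its own flow.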
Other information:
Change USE_DS="0" to USE_DS="1"
APF can make use of DShield (DS) block lists. These work a little like spam blocklists such as SPEWS: they list the networks that are most commonly abused and most often used in denial-of-service attacks and the like.
Change USE_AD="0" to USE_AD="1"
USE_AD="1" enables the AntiDOS feature, which was still in beta at the time of this writing. The README says: "Antidos is a log parsing script made for r-fx.org's APF (advanced policy firewall). Its purpose is to parse specific log formats for network attacks against a given system; then take certain actions. It is designed to be modular so it can be removed from APF and used in other environments."
AntiDOS Configuration
=======================
i) Open up /etc/apf/ad/conf.antidos
ii) Change LP_KLOG="0" to LP_KLOG="1"
iii) CONAME="Your Company"
Enter your company name within quotes, similar to CONAME="LunarPages"
iv) Change USR_ALERT="0" to USR_ALERT="1"
Change it to 1 only if you wish to receive email alerts.
v) USR="you@yourco.com"
Enter your email address here, in quotes as in (iii).
vi) Antidos is intended to run from cron. This is a critical setup step: if it is not done, antidos will simply not run.
Execute the command:
# crontab -e
and add the line:
*/2 * * * * /etc/apf/ad/antidos -a >/dev/null 2>&1
This runs antidos every two minutes. Note that the per-user crontab opened by crontab -e has no user-name field; the six-field form with "root" before the command belongs only in /etc/crontab or a file under /etc/cron.d, and in a crontab -e entry it would be run as the command itself.