Configuring APF on a Dedicated Server

April 2, 2008

So you have learned about Advanced Policy Firewall (APF) and how to install it on your dedicated server. However, there are a couple more steps to providing advanced firewall support for your dedicated web hosting account. This will help secure your dedicated server and assure your server’s safety.

Remember, if you purchased Managed Hosting from Lunarpages, they can install APF for you at no additional charge. There’s no coupon necessary for this promotion, but if you’re not yet signed up with our recommended dedicated host, check out our Dedicated Hosting Coupons for information on how you can save a bundle on your dedicated server hosting purchase!

Configuring APF (Advanced Policy Firewall)

/etc/apf is the configuration directory of APF and conf.apf is the main configuration file. So open up conf.apf in your favorite editor.

1. Scroll down till you see

IG_TCP_CPORTS="22"

Tip: to search for the keyword in your editor:
Pico -> Ctrl+W, then type the keyword
Vi -> Esc, then /keyword
emacs -> Ctrl+S, then type the keyword

Change it to read

a) For a webmin server:

IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,3306,10000,30000_35000"

b) For a cPanel server:

IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,10000,30000_35000"

2. Change IG_UDP_CPORTS="" to read

IG_UDP_CPORTS="21,53,465"

3. Change EGF="0" to EGF="1"

This enables egress filtering, so outgoing connections are filtered as well. I recommend it even though it may sometimes cause issues with outbound traffic.

4. Change EG_TCP_CPORTS="21,25,80,443,43" to read:

EG_TCP_CPORTS="21,22,25,37,53,80,110,113,443,465,43,873,2089,3306"

5. Change EG_UDP_CPORTS="20,21,53" to read:

EG_UDP_CPORTS="20,21,53,465"

6. Change USE_DS="0" to USE_DS="1"

This makes APF use the DShield (DS) block list, which, a little like spam blocklists such as SPEWS, lists the most commonly abused networks and those most often used in denial of service attacks and the like.

7. Change USE_AD="0" to USE_AD="1"

USE_AD="1" enables the Antidos feature, which is still in beta at the time of this writing. The README says: "Antidos is a log parsing script made for r-fx.org's APF (advanced policy firewall). Its purpose is to parse specific log formats for network attacks against a given system; then it takes certain actions. It is designed to be modular so it can be removed from APF and used in other environments."
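The seven edits above can also be applied from the shell rather than by hand. The script below is an added example and not part of the original post or of the APF project: it backs up the file, rewrites each KEY="value" line with sed, and sanity-checks that a port list only contains numbers and APF-style a_b ranges before you start the firewall. It assumes the path to conf.apf is passed as the first argument and that each setting occurs once at the start of a line; the sample conf.apf it writes for testing is constructed from the defaults quoted in the post, not copied from a real install.

```shell
#!/bin/sh
# Added example (not from the post or APF): apply steps 1-7 to a conf.apf.
# Assumptions: path to conf.apf is $1; each KEY="value" appears once at line start.

# apf_set KEY VALUE FILE: rewrite the line starting with KEY= to KEY="VALUE".
# Fails loudly if the key is absent so a typo does not silently add nothing.
apf_set() {
    key=$1; value=$2; file=$3
    if ! grep -q "^${key}=" "$file"; then
        echo "apf_set: ${key} not found in ${file}" >&2
        return 1
    fi
    sed "s|^${key}=.*|${key}=\"${value}\"|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# apf_get KEY FILE: print the current value of KEY without the surrounding quotes.
apf_get() {
    sed -n "s|^$1=\"\(.*\)\"|\1|p" "$2"
}

# check_port_list VALUE: succeed only if VALUE is a comma-separated list of
# port numbers or APF ranges written as low_high (e.g. 30000_35000).
check_port_list() {
    printf '%s' "$1" | grep -Eq '^([0-9]+(_[0-9]+)?)(,[0-9]+(_[0-9]+)?)*$'
}

# configure_apf FILE [webmin|cpanel]: take a backup, then apply the post's values.
configure_apf() {
    file=$1; flavor=${2:-cpanel}
    cp "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    case $flavor in
        webmin) in_tcp="20,21,22,25,53,80,110,143,443,465,993,3306,10000,30000_35000" ;;
        cpanel) in_tcp="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,10000,30000_35000" ;;
        *) echo "configure_apf: unknown flavor '$flavor'" >&2; return 1 ;;
    esac
    # Steps 1-7 from the post. EGF=1 turns on egress filtering, so the
    # EG_* lists must cover every outbound service the server needs.
    apf_set IG_TCP_CPORTS "$in_tcp" "$file" &&
    apf_set IG_UDP_CPORTS "21,53,465" "$file" &&
    apf_set EGF "1" "$file" &&
    apf_set EG_TCP_CPORTS "21,22,25,37,53,80,110,113,443,465,43,873,2089,3306" "$file" &&
    apf_set EG_UDP_CPORTS "20,21,53,465" "$file" &&
    apf_set USE_DS "1" "$file" &&
    apf_set USE_AD "1" "$file" || return 1
    # Refuse to leave a malformed port list behind.
    for k in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        check_port_list "$(apf_get "$k" "$file")" || { echo "bad port list in $k" >&2; return 1; }
    done
}

# make_sample_conf FILE: write a constructed minimal conf.apf (not a real one)
# holding the default values quoted in the post, for trying the script safely.
make_sample_conf() {
    cat > "$1" <<'EOF'
# Constructed sample conf.apf for testing; not the real APF file.
# IG_TCP_CPORTS: inbound TCP ports (comment line, must stay untouched)
IG_TCP_CPORTS="22"
IG_UDP_CPORTS=""
EGF="0"
EG_TCP_CPORTS="21,25,80,443,43"
EG_UDP_CPORTS="20,21,53"
USE_DS="0"
USE_AD="0"
EOF
}

# Usage: sh apf-configure.sh /etc/apf/conf.apf cpanel
if [ "$#" -gt 0 ]; then
    configure_apf "$1" "${2:-cpanel}"
fi
```

Run it against a copy first (make_sample_conf gives you one), and check the .bak file it leaves beside conf.apf if anything stops working once egress filtering is on.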

You can now save conf.apf and quit the editor. If you didn't change the value of USE_AD to 1, you can skip our web hosting tutorial on Configuring antiDOS and jump to the fourth one on Starting APF Firewall.
