Server Security with Advanced Policy Firewall and Antidos

July 2, 2006

APF (Advanced Policy Firewall) is a policy-based iptables firewall system designed for ease of use and configuration. It is well suited to deployment in many Linux-based server environments.

Below are notes on installing, configuring and running APF.

  1. Download the latest tarball from rfxnetworks.com.
  2. Extract and install it:
    # tar -xvzf apf-current.tar.gz
    # cd apf*
    # ./install.sh
  3. Check which network interface you need to protect with `ifconfig`. Usually it is “eth0”, but if it is something else, change it in the “conf.apf” file or you risk locking yourself out of the server.
  4. Edit “/etc/apf/conf.apf” to enable the D-Shield block list of top networks exhibiting suspicious activity, and activate Antidos as well.
    USE_DS="1"
    USE_AD="1"
  5. Open the common inbound and outbound ports.
    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443"
    IG_UDP_CPORTS="53"
    EGF="1"
    EG_TCP_CPORTS="21,22,25,43,53,80,110,443"
    EG_UDP_CPORTS="20,21,53"
  6. Edit “/etc/apf/ad/conf.antidos”:
    LP_KLOG="1"
    USR_ALERT="1"
    USR="root"
  7. Add antidos to “/etc/crontab”:
    # Antidos
    */2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1
  8. Start the firewall with `apf -s`.
  9. If you are not locked out of SSH, disable development mode in the “conf.apf” file.
    DEVM="0"
  10. Restart with `apf -r` and verify that the firewall is up and protecting the server using `iptables -L -n`.

Notes:

  • APF uses init files and is automatically set to start at boot time. Check with `chkconfig --list apf`.
  • The apf and antidos logs are rotated via the conf files present in “/etc/logrotate.d”.
  • Remember to add your IP address to the “/etc/apf/allow_hosts.rules” and “/etc/apf/ad/ignore.hosts” files to avoid being locked out of the server.
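
The lock-out risk mentioned in step 9 and in the last note can be checked before development mode is switched off. The script below is an added example, not part of APF or of the original notes; it assumes one plain IP address per line in both host files, and the script name `apf_preflight.sh` and the address 203.0.113.10 are placeholders.

```shell
#!/bin/sh
# Added example (not part of APF): lock-out pre-flight for the settings above.

# conf_value FILE KEY: print the value of the last KEY="value" line in FILE.
conf_value() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# port_listed LIST PORT: succeed if PORT is in a comma-separated list, alone
# or inside a range written low_high (the form APF uses for port ranges).
port_listed() {
    found=1; old_ifs=$IFS; IFS=,
    for p in $1; do
        case $p in
            *_*) if [ "$2" -ge "${p%_*}" ] && [ "$2" -le "${p#*_}" ]; then found=0; fi ;;
            *)   if [ "$p" = "$2" ]; then found=0; fi ;;
        esac
    done
    IFS=$old_ifs; return "$found"
}

# apf_preflight CONF ALLOW IGNORE ADMIN_IP [SSH_PORT]: print each problem and
# return how many were found; 0 means it is reasonable to set DEVM="0".
apf_preflight() {
    conf=$1; allow=$2; ignore=$3; ip=$4; ssh=${5:-22}; bad=0
    if ! port_listed "$(conf_value "$conf" IG_TCP_CPORTS)" "$ssh"; then
        echo "SSH port $ssh is not in IG_TCP_CPORTS"; bad=$((bad + 1))
    fi
    # Two assignments pasted onto one line are read by the shell as one value.
    if grep -qE '^[A-Z_]+="[^"]*"[A-Z_]+=' "$conf"; then
        echo "fused assignments in $conf"; bad=$((bad + 1))
    fi
    for f in "$allow" "$ignore"; do
        # Assumes one plain IP address per line in both files.
        if ! grep -qxF "$ip" "$f" 2>/dev/null; then
            echo "$ip is not listed in $f"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Run against the paths from the steps above when given an admin IP, e.g.
#   sh apf_preflight.sh 203.0.113.10
if [ -n "${1:-}" ]; then
    apf_preflight /etc/apf/conf.apf /etc/apf/allow_hosts.rules \
        /etc/apf/ad/ignore.hosts "$1" "${2:-22}"
fi
```

Run it as root after step 8 and before step 9; an exit status of 0 means none of the checked lock-out conditions were found.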
