Server Security with Advanced Policy Firewall and Antidos
July 2, 2006
Linux

APF is a policy based iptables firewall system designed for ease of use and configuration. APF is ideal for deployment in many server environments based on Linux.
Below are notes on installing, configuring and running APF.
- Download the latest tarball via rfxnetworks.com
- Extract and install it:
# tar -xvzf apf-current.tar.gz
# cd apf*
# ./install.sh
- Check the network interface you need to protect with `ifconfig`. Usually it is “eth0”, but if it is something else, change it in the “conf.apf” file or you risk locking yourself out of the server.
- Edit “/etc/apf/conf.apf”, enable the DShield block list of top networks exhibiting suspicious activity, and activate Antidos as well.
- Open the common inbound and outbound ports:
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,22,25,43,53,80,110,443"
EG_UDP_CPORTS="20,21,53"
- Edit “/etc/apf/ad/conf.antidos”:
- Add antidos to “/etc/crontab”:
# Antidos
*/2 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1
- Start the firewall via `apf -s`.
- If you are not locked out of SSH, disable development mode in “conf.apf” file.
- Restart with `apf -r` and verify that the firewall is up and protecting the server using `iptables -L -n`.
- APF uses init files and is automatically set to start at boot time. Check with `chkconfig --list apf`.
- The apf and antidos logs are rotated via the conf files present in “/etc/logrotate.d”.
- Remember to add your IP address in “/etc/apf/allow_hosts.rules” and “/etc/apf/ad/ignore.hosts” files to avoid being locked out of the server.
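The three lockout mistakes these notes keep warning about (wrong interface name, SSH port missing from the inbound list, your own address missing from allow_hosts.rules) can be checked before the first `apf -s`. The script below is an added example, not part of the original post and not APF's own tooling: it works on config text passed as arguments, so it can be run against copies of the files or against the constructed samples embedded in it without touching /etc/apf. The variable names IFACE_IN and DEVEL_MODE are what I assume conf.apf uses for the interface and development mode; the port lists and file names come from the notes above, and the IP addresses are made up.

```shell
#!/bin/sh
# Added example (not from the original post or from APF): pre-flight checks
# for the lockout mistakes the notes warn about. Runs on config text passed
# as arguments, never on /etc/apf directly.

# Constructed sample of the relevant conf.apf lines. IFACE_IN and DEVEL_MODE
# are assumed variable names; the port lists are the values from the notes.
SAMPLE_CONF='IFACE_IN="eth0"
DEVEL_MODE="1"
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,22,25,43,53,80,110,443"
EG_UDP_CPORTS="20,21,53"'

# Constructed allow_hosts.rules: one comment line and one (made-up) admin address.
SAMPLE_ALLOW='# admin workstation
203.0.113.10'

# conf_value CONF NAME: print the quoted value of NAME="..." found in CONF text.
conf_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# port_listed LIST PORT: succeed if PORT is one of the comma-separated entries.
port_listed() {
    case ",$1," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# host_allowed RULES IP: succeed if IP appears as a whole line (comments ignored).
host_allowed() {
    printf '%s\n' "$1" | grep -v '^#' | grep -qxF "$2"
}

# preflight CONF ALLOW IFACE SSH_PORT ADMIN_IP
# IFACE is the interface name as shown by ifconfig. Prints one line per check
# and returns the number of failed checks (0 means safe to start).
preflight() {
    conf=$1 allow=$2 iface=$3 ssh_port=$4 admin_ip=$5
    fails=0

    if [ "$(conf_value "$conf" IFACE_IN)" = "$iface" ]; then
        echo "ok   IFACE_IN matches $iface"
    else
        echo "FAIL IFACE_IN is '$(conf_value "$conf" IFACE_IN)' but ifconfig shows $iface"
        fails=$((fails + 1))
    fi

    if port_listed "$(conf_value "$conf" IG_TCP_CPORTS)" "$ssh_port"; then
        echo "ok   inbound TCP $ssh_port is in IG_TCP_CPORTS"
    else
        echo "FAIL inbound TCP $ssh_port is not in IG_TCP_CPORTS"
        fails=$((fails + 1))
    fi

    if host_allowed "$allow" "$admin_ip"; then
        echo "ok   $admin_ip is in allow_hosts.rules"
    else
        echo "FAIL $admin_ip is missing from allow_hosts.rules"
        fails=$((fails + 1))
    fi

    # Informational only: DEVEL_MODE="1" is expected before the first start
    # and should be switched off once SSH access has been confirmed.
    if [ "$(conf_value "$conf" DEVEL_MODE)" = "1" ]; then
        echo "note DEVEL_MODE is still 1; disable it once SSH is confirmed working"
    fi
    return $fails
}

# Demo on the constructed samples: the first run passes, the second shows
# what a misconfiguration (wrong interface, SSH on 2222, unknown admin IP) looks like.
preflight "$SAMPLE_CONF" "$SAMPLE_ALLOW" eth0 22 203.0.113.10
echo "---"
preflight "$SAMPLE_CONF" "$SAMPLE_ALLOW" eth1 2222 198.51.100.7 || echo "$? check(s) failed"
```

To use it on a real box, pass the file contents instead of the samples, e.g. `preflight "$(cat /etc/apf/conf.apf)" "$(cat /etc/apf/allow_hosts.rules)" eth0 22 <your IP>`, and only run `apf -s` when it returns 0; the same check against “/etc/apf/ad/ignore.hosts” is a one-line addition with `host_allowed`.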