  1. #1
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,406

    APF FireWall Installation [Easy]

    Hi,

    This is a pretty simple How-to for installing APF Firewall.

    1) Install:
    wget http://www.rfxnetworks.com/downloads/apf-current.rpm
    rpm -Uvh apf-current.rpm

    2) Edit:
    /etc/apf/conf.apf

    DEVM="0" - set to 0 only if you are sure that the firewall works well

    (Common cPanel ports, please re-configure for your use)
    TCP_CPORTS="21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,7786" (on one line!)

    UDP_CPORTS="37,53,873"

    There are many other options which you can enable inside the config. Please take time to configure.

    3) Restart APF


    To Enable Pings:

    pico -w /etc/apf/icmp.rules
    Uncomment:

    # Uncomment to enable pings
    # $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit $ICMP_LIM/s -j ACCEPT
    Then restart APF

    ------------------------------
    commands:
    /etc/rc.d/init.d/apf stop
    /etc/rc.d/init.d/apf start
    /etc/rc.d/init.d/apf restart

    Thanks to EV1 Forum for much info on this.
    Last edited by eBoundary; 01-19-2004 at 10:18 AM.
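
Added example, not part of the original post or of APF itself: a shell pre-flight check for step 2 of the how-to above. It reads DEVM and TCP_CPORTS from a conf.apf and lists allowed ports that nothing on the host listens on; the function names, the sample config and the listening-port list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight audit of an APF conf.apf.

# Print the value of KEY="value" from the config ($1=file, $2=KEY); last one wins.
apf_conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print ports allowed by KEY ($2) that nothing listens on, one per line.
# $3 = space-separated listening ports, e.g. collected from `netstat -tln`.
apf_unused_ports() {
    listening=" $3 "
    apf_conf_value "$1" "$2" | tr ',' '\n' | tr -d ' \t' | while read -r port; do
        case "$port" in ''|*[!0-9]*) continue ;; esac   # skip blanks and non-numeric entries
        case "$listening" in *" $port "*) ;; *) echo "$port" ;; esac
    done
}

# Report findings for conf $1 given listening TCP ports $2; returns 1 if any.
apf_audit() {
    rc=0
    if [ "$(apf_conf_value "$1" DEVM)" != "0" ]; then
        echo "DEVM is not \"0\": set it to 0 once the rules are confirmed working"; rc=1
    fi
    unused=$(apf_unused_ports "$1" TCP_CPORTS "$2" | tr '\n' ' ')
    if [ -n "$unused" ]; then
        echo "TCP_CPORTS allows ports with no listener: $unused"; rc=1
    fi
    return $rc
}

# Constructed sample: the port lists from the how-to, audited for a host
# assumed to run only SSH, SMTP, DNS, HTTP(S) and MySQL.
apf_sample_conf() {
    cat > "$1" <<'EOF'
DEVM="1"
TCP_CPORTS="21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,7786"
UDP_CPORTS="37,53,873"
EOF
}

sample=$(mktemp)
apf_sample_conf "$sample"
apf_audit "$sample" "22 25 53 80 443 3306" || true
rm -f "$sample"
```

Every port the audit prints is a candidate for removal from TCP_CPORTS before the firewall goes live.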

  2. #2
    Join Date
    Jan 2001
    Location
    Illinois, USA
    Posts
    7,175
    Thanks for the How-To!

    Hopefully someone can follow this up with a detailed tutorial on how to configure APF

    Last edited by choon; 02-17-2004 at 03:29 PM.

  3. #3
    Join Date
    Apr 2001
    Posts
    2,611
    3 things,

    1. I believe Ryan ( APF Author ) has recommended against the rpm.. and it may be outdated.

    2. Why reboot?

    3. This how-to seems to be fairly outdated, compared to the most recent APF versions.

    Edit: I should also note for future readers that the above seems to be targeted towards cpanel / whm systems.

    Last edited by choon; 02-09-2004 at 09:16 PM.

  4. #4
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,406
    Originally posted by Haze
    3 things,

    1. I believe Ryan ( APF Author ) has recommended against the rpm.. and it may be outdated.

    2. Why reboot?

    3. This how-to seems to be fairly outdated, compared to the most recent APF versions.

    Edit: I should also note for future readers that the above seems to be targeted towards cpanel / whm systems.
    Sorry, I meant restart APF, not reboot.
    It'd be great if you could contribute a How-To for APF (no RPM).
    Also, these aren't targeted only towards cPanel systems.

    Cheers.

    Last edited by choon; 02-09-2004 at 09:16 PM.

  5. #5
    Join Date
    May 2003
    Posts
    1,708
    The documentation for APF is very clear and it is a very simple install. Basically untar it and run ./install.sh. The version outlined above is an old one as the port defining sections have changed in 0.9.3. In Ryan's forums there are sections of what he leaves open for different panels.

    Last edited by choon; 02-09-2004 at 09:17 PM.

  6. #6
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,406
    Hi,

    Ok anyways, here's installing without using RPM, this is a newer version of APF.


    wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

    tar -xzf apf-current.tar.gz

    cd apf-0.9.3_3
    ./install.sh

    You're set.
    Remember to edit the config etc. and read the README.

    Last edited by choon; 02-09-2004 at 09:17 PM.

  7. #7
    Join Date
    Apr 2002
    Location
    Troy, MI
    Posts
    324
    http://www.webhostgear.com/61.html

    Last edited by choon; 02-09-2004 at 09:18 PM.

  8. #8
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,406
    Originally posted by rfxn
    http://www.webhostgear.com/61.html
    Yea just saw that one posted on burst's forum, pretty good how-to as well

    Last edited by choon; 02-09-2004 at 09:18 PM.

  9. #9
    Join Date
    Dec 2003
    Location
    Canada
    Posts
    794
    lsmod: QM_MODULES: Function not implemented

    Unable to load iptables module (ip_tables), aborting.

    Any ideas?

    Last edited by choon; 02-09-2004 at 09:18 PM.

  10. #10
    Join Date
    Dec 2003
    Location
    Canada
    Posts
    794
    Never mind, I got it running.

    Last edited by choon; 02-09-2004 at 09:19 PM.

  11. #11
    And how do I remove APF? I've installed an RPM (an old one); how do I remove it to install a new one?

  12. #12
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,406
    Try rpm -e apf

    Last edited by choon; 02-09-2004 at 09:19 PM.

  13. #13
    Join Date
    Jun 2002
    Posts
    234
    Originally posted by 93.3
    lsmod: QM_MODULES: Function not implemented

    Unable to load iptables module (ip_tables), aborting.

    Any ideas?

    If your kernel is compiled with iptables statically instead of as a module, you need to do this in conf.apf: find MONOKERN="0", set it to "1", and then try to start APF again.

  14. #14
    Join Date
    Mar 2003
    Location
    New York City
    Posts
    7,406
    Originally posted by SynHost
    If your kernel is compiled with iptables statically instead of as a module, you need to do this in conf.apf: find MONOKERN="0", set it to "1", and then try to start APF again.
    Yep, that should take care of it. Older versions, though, don't have this option.

  15. #15

    lsmod: QM_MODULES: Function not implemented

    I am only getting the following error: lsmod: QM_MODULES: Function not implemented. Will making the same change to the config file work as well?

    Thanks, Kevin

  16. #16
    @ 93.3

    How did you solve that problem?

    *
    lsmod: QM_MODULES: Function not implemented

    Unable to load iptables module (ip_tables), aborting.
    *

  17. #17
    Join Date
    Feb 2003
    Location
    Kuala Lumpur, Malaysia
    Posts
    4,980
    root@paragon [/etc/apf]# ./apf -s
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name
    iptables: No chain/target/match by that name

    Any idea what that means?

    Last edited by choon; 03-29-2004 at 07:37 PM.

  18. #18
    Could you please post how to block IPs using this firewall?
    I have tried and it is flushed in a few minutes. I am using these commands and have tried stopping and restarting APF.

    iptables -A INPUT -s 3x.144.19x.32 -j DROP

    iptables -A INPUT -s 3x.144.19x.32 -j REJECT

    Last edited by choon; 03-29-2004 at 07:37 PM.

  19. #19
    Join Date
    Nov 2001
    Posts
    88
    Also, please add outbound port 2089 for cPanel license checking if you enable outbound filtering, or you will get a License Expired error in 2 weeks.

    Last edited by choon; 03-29-2004 at 07:37 PM.

  20. #20
    Join Date
    May 2003
    Posts
    483
    grace5 - add the IPs to the deny_hosts.rules file.

    Last edited by choon; 03-29-2004 at 07:37 PM.

  21. #21
    Join Date
    Mar 2002
    Posts
    210

    Re: APF FireWall Installation [Easy]

    To Enable Pings:

    pico -w /etc/apf/icmp.rules
    Uncomment:

    # Uncomment to enable pings
    # $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit $ICMP_LIM/s -j ACCEPT
    Then restart APF
    The latest version has no icmp.rules file. So where can I enable pings?

  22. #22
    Join Date
    Dec 2001
    Location
    Los Angeles, CA
    Posts
    1,337
    I believe Ping should be enabled by default.
    Ronny Fang

  23. #23
    Pings are disabled by default.

  24. #24
    Anyone got it to work on VPS? Tested on both UML and Virtuoso without success.

  25. #25
    Join Date
    Mar 2002
    Posts
    210
    Yes. Pings are enabled by default.
