Thread: APF FireWall Installation [Easy]
-
01-17-2004, 11:49 PM #1WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
APF FireWall Installation [Easy]
Hi,
This is a pretty simple How-to for installing APF Firewall.
1) Install:
wget http://www.rfxnetworks.com/downloads/apf-current.rpm
rpm -Uvh apf-current.rpm
2) Edit:
/etc/apf/conf.apf
DEVM="0" - set to 0 only if you are sure that the firewall works well
(Common Cpanel Ports, please re-configure for your use)
TCP_CPORTS=" 21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,7786" (in one line!)
UDP_CPORTS="37,53,873"
There are many other options you can enable inside the config. Please take time to configure.
3) Restart APF
To Enable Pings:
pico -w /etc/apf/icmp.rules
Uncomment:
# Uncomment to enable pings
# $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit $ICMP_LIM/s -j ACCEPT
Then restart APF
------------------------------
commands:
/etc/rc.d/init.d/apf stop
/etc/rc.d/init.d/apf start
/etc/rc.d/init.d/apf restart
Thanks to EV1 Forum for much info on this.
Last edited by eBoundary; 01-19-2004 at 10:18 AM.
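A check worth running before setting DEVM="0" in step 2, as an added example that is not part of the original post: it reads conf.apf and fails if the port you administer the server over is missing from TCP_CPORTS. The function names, the sample file and the alternate SSH port 2222 are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight check of an APF conf.apf.
# DEVM and TCP_CPORTS are the variable names from the post above; the
# function names and the sample file are constructed for illustration.

# conf_value FILE NAME: print the value of NAME="..." (last assignment wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# port_allowed LIST PORT: succeed if PORT is in the comma-separated LIST.
port_allowed() {
    _list=$(printf '%s' "$1" | tr -d '[:space:]')
    case ",$_list," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# preflight FILE [SSH_PORT]: fail if the port you administer the box over
# is not in TCP_CPORTS, i.e. the firewall would cut off your own session.
preflight() {
    _conf=$1 _ssh=${2:-22}
    _devm=$(conf_value "$_conf" DEVM)
    _ports=$(conf_value "$_conf" TCP_CPORTS)
    if ! port_allowed "$_ports" "$_ssh"; then
        echo "FAIL: tcp/$_ssh is not in TCP_CPORTS (DEVM=\"$_devm\")"
        return 2
    fi
    echo "OK: tcp/$_ssh is in TCP_CPORTS (DEVM=\"$_devm\")"
}

# Constructed sample using the port list from the post (note the leading space).
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVM="1"
TCP_CPORTS=" 21,22,25,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,7786"
UDP_CPORTS="37,53,873"
EOF
preflight "$sample" 22                 # default SSH port: allowed
preflight "$sample" 2222 || :          # hypothetical moved SSH port: flagged
rm -f "$sample"
```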
-
01-18-2004, 02:02 PM #2Web Hosting Master
- Join Date
- Jan 2001
- Location
- Illinois, USA
- Posts
- 7,175
Thanks for the How-To!
Hopefully someone can follow this up with a detailed tutorial on how to configure APF
<edit>signature removed</edit>Last edited by choon; 02-17-2004 at 03:29 PM.
-
01-19-2004, 01:54 AM #3Web Hosting Master
- Join Date
- Apr 2001
- Posts
- 2,611
3 things,
1. I believe Ryan ( APF Author ) has recommended against the rpm.. and it may be outdated.
2. Why reboot?
3. This how-to seems to be fairly outdated, compared to the most recent APF versions.
Edit: I should also note for future readers that the above seems to be targeted towards cpanel / whm systems.
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:16 PM.
-
01-19-2004, 10:16 AM #4WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
Originally posted by Haze
3 things,
1. I believe Ryan ( APF Author ) has recommended against the rpm.. and it may be outdated.
2. Why reboot?
3. This how-to seems to be fairly outdated, compared to the most recent APF versions.
Edit: I should also note for future readers that the above seems to be targeted towards cpanel / whm systems.
It'd be great if you can contribute a How-To for APF. (No RPM)
Also, these aren't targeted towards only cpanel systems.
Cheers.
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:16 PM.
-
01-19-2004, 11:46 AM #5Web Hosting Master
- Join Date
- May 2003
- Posts
- 1,708
The documentation for APF is very clear and it is a very simple install. Basically untar it and run ./install.sh. The version outlined above is an old one as the port defining sections have changed in 0.9.3. In Ryan's forums there are sections of what he leaves open for different panels.
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:17 PM.
-
01-19-2004, 06:50 PM #6WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
Hi,
Ok anyways, here's installing without using RPM, this is a newer version of APF.
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -xzf apf-current.tar.gz
cd apf-0.9.3_3
./install.sh
You're set.
Remember to edit the config etc. and read the README.
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:17 PM.
-
01-22-2004, 03:45 PM #7Web Hosting Guru
- Join Date
- Apr 2002
- Location
- Troy, MI
- Posts
- 324
http://www.webhostgear.com/61.html
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:18 PM.
-
01-22-2004, 05:06 PM #8WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
Originally posted by rfxn
http://www.webhostgear.com/61.html
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:18 PM.
-
02-04-2004, 01:39 AM #9Web Hosting Master
- Join Date
- Dec 2003
- Location
- Canada
- Posts
- 794
lsmod: QM_MODULES: Function not implemented
Unable to load iptables module (ip_tables), aborting.
Any ideas?
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:18 PM.
-
02-05-2004, 08:10 PM #10Web Hosting Master
- Join Date
- Dec 2003
- Location
- Canada
- Posts
- 794
Never mind, I got it running.
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:19 PM.
-
02-07-2004, 04:13 AM #11Web Hosting Guru
- Join Date
- Apr 2003
- Posts
- 271
And how do I remove APF? I've installed an rpm (an old one); how do I remove it to install a new one?
-
02-07-2004, 11:22 PM #12WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
Try rpm -e apf
<edit>signature removed</edit>Last edited by choon; 02-09-2004 at 09:19 PM.
-
02-27-2004, 07:08 PM #13Junior Guru
- Join Date
- Jun 2002
- Posts
- 234
Originally posted by 93.3
lsmod: QM_MODULES: Function not implemented
Unable to load iptables module (ip_tables), aborting.
Any ideas?
<edit>signature removed</edit>
-
02-27-2004, 07:47 PM #14WebHostingTalk Lover
- Join Date
- Mar 2003
- Location
- New York City
- Posts
- 7,406
Originally posted by SynHost
If your kernel is compiled with iptables statically instead of as a module, you need to do this in the conf.apf: MONOKERN="0". Set it to "1" and then try to start APF again.
-
03-09-2004, 01:19 AM #15Junior Guru
- Join Date
- Feb 2004
- Posts
- 217
lsmod: QM_MODULES: Function not implemented
I am only getting the following error: lsmod: QM_MODULES: Function not implemented
Will making the same change to the config file work as well?
Thanks, Kevin
-
03-14-2004, 07:34 AM #16New Member
- Join Date
- Mar 2004
- Posts
- 3
@ 93.3
How did you solve that problem?
*
lsmod: QM_MODULES: Function not implemented
Unable to load iptables module (ip_tables), aborting.
*
-
03-16-2004, 04:51 AM #17Web Hosting Master
- Join Date
- Feb 2003
- Location
- Kuala Lumpur, Malaysia
- Posts
- 4,980
root@paragon [/etc/apf]# ./apf -s
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Any idea what that means?
<edit>signature removed</edit>Last edited by choon; 03-29-2004 at 07:37 PM.
-
03-16-2004, 08:25 AM #18Web Hosting Master
- Join Date
- Jul 2002
- Posts
- 609
Could you please post how to block IPs using this firewall?
I have tried and it is flushed in a few minutes. I am using these commands and have tried stopping and restarting APF:
iptables -A INPUT -s 3x.144.19x.32 -j DROP
iptables -A INPUT -s 3x.144.19x.32 -j REJECT
<edit>signature removed</edit>Last edited by choon; 03-29-2004 at 07:37 PM.
-
03-25-2004, 10:54 AM #19Junior Guru Wannabe
- Join Date
- Nov 2001
- Posts
- 88
Also please add outbound port 2089 for cpanel license checking if you enable outbound filtering, or you will get a License Expired error in 2 weeks.
<edit>signature removed</edit>Last edited by choon; 03-29-2004 at 07:37 PM.
-
03-27-2004, 04:55 AM #20Web Hosting Evangelist
- Join Date
- May 2003
- Posts
- 483
grace5 - add the IPs to the deny_hosts.rules file.
<edit>signature removed</edit>Last edited by choon; 03-29-2004 at 07:37 PM.
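The advice in the reply above, as an added example that is not part of any post in the thread: rules appended by hand with iptables -A sit outside APF's own rule set and are lost when APF flushes and reloads, while deny_hosts.rules is read by APF itself. The path /etc/apf/deny_hosts.rules and the function names are assumptions; the sample addresses are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): keep a block list in APF's
# deny_hosts.rules instead of hand-typed iptables rules.
# Function names and sample addresses are constructed for illustration.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits/dots only
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# deny_host FILE ADDR: append ADDR to FILE once; reject malformed input.
deny_host() {
    _file=$1 _ip=$2
    if ! valid_ipv4 "$_ip"; then
        echo "rejected: '$_ip' is not an IPv4 address" >&2
        return 2
    fi
    if grep -qxF -- "$_ip" "$_file" 2>/dev/null; then
        echo "already listed: $_ip"
        return 0
    fi
    printf '%s\n' "$_ip" >> "$_file" && echo "added: $_ip"
}

# Demo on a temporary file. On a real host FILE would be
# /etc/apf/deny_hosts.rules (assumed path), followed by
# /etc/rc.d/init.d/apf restart so APF loads the new entry.
rules=$(mktemp)
deny_host "$rules" 192.0.2.10             # added
deny_host "$rules" 192.0.2.10             # already listed, file unchanged
deny_host "$rules" "3x.144.19x.32" || :   # masked address from the thread: rejected
rm -f "$rules"
```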
-
08-10-2004, 08:32 AM #21Junior Guru
- Join Date
- Mar 2002
- Posts
- 210
Re: APF FireWall Installation [Easy]
To Enable Pings:
pico -w /etc/apf/icmp.rules
Uncomment:
# Uncomment to enable pings
# $IPT -t filter -A INPUT -p icmp --icmp-type 8 -m limit --limit $ICMP_LIM/s -j ACCEPT
Then restart APF
-
08-10-2004, 06:52 PM #22Linux Problems Solved.
- Join Date
- Dec 2001
- Location
- Los Angeles, CA
- Posts
- 1,337
I believe Ping should be enabled by default.
Ronny Fang
-
08-12-2004, 12:31 AM #23Temporarily Suspended
- Join Date
- Jun 2004
- Posts
- 216
Pings are disabled by default.
-
08-12-2004, 07:56 AM #24Retired Moderator
- Join Date
- Jan 2003
- Posts
- 9,049
Anyone got it to work on VPS? Tested on both UML and Virtuoso without success.
-
08-12-2004, 08:52 PM #25Junior Guru
- Join Date
- Mar 2002
- Posts
- 210
Yes. Pings are enabled by default.