Results 26 to 39 of 39
Thread: APF FireWall Installation [Easy]
-
07-25-2005, 02:15 PM #26Aspiring Evangelist
- Join Date
- Dec 2004
- Location
- India, USA
- Posts
- 364
Hi,
I installed it and then came to know that i can't have this on a VPS. Please tell me how to un-install it ? I tried rpm -e apf but it did not worked.
Thanks.
-
07-29-2005, 03:19 PM #27Junior Guru
- Join Date
- Jul 2005
- Location
- Beverly Hills, CA.
- Posts
- 245
Originally posted by Tapan
Hi,
I installed it and then came to know that i can't have this on a VPS. Please tell me how to un-install it ? I tried rpm -e apf but it did not worked.
Thanks.
once you find the rpm
rpm -e <name>
Done. If you cant find it, PM me and ill help you.
-
07-30-2005, 04:18 PM #28Newbie
- Join Date
- Jul 2005
- Posts
- 6
IG_TCP_CPORTS is that the one i should change ports in?
-
09-07-2005, 09:14 AM #29Junior Guru Wannabe
- Join Date
- Aug 2004
- Posts
- 58
Hi!
i have installed apf on cpanel. the current settings open all the konwn ports and allow connection from all ips.
what i want,
i want to allow port 80 to be open for whole world
and all the other ports available for only local 192.168.0.* and certain other ips.
what changes should i do ?
-
09-27-2005, 06:43 PM #30Web Hosting Guru
- Join Date
- Apr 2002
- Location
- Troy, MI
- Posts
- 324
Originally posted by tsook
@ 93.3
How did you solve that problem?
*
lsmod: QM_MODULES: Function not implemented
Unable to load iptables module (ip_tables), aborting.
*Ryan MacDonald
Lead Administrator | TotalChoice Hosting
Choice Does Matter! | Serving over 26,000 clients
-
03-30-2006, 01:39 PM #31Junior Guru Wannabe
- Join Date
- May 2005
- Posts
- 55
Does anybody have a tutorial on installing APF under Debian?
When I ran the installer, it gave an error message about /etc/rc.d not existing.
Also when I run /usr/local/sbin/apf -s I do not see a process running that would correlate, which seems to indicate to me that it's not running?
And I do not see an init script in /etc/init.d/ as the documentation says their should be.
Any ideas?
-
05-02-2006, 07:05 AM #32WHT Addict
- Join Date
- Aug 2003
- Posts
- 124
Does anyone know what's the deal with the ./firewall executable in /etc/apf ?
-
05-03-2006, 01:26 AM #33Originally Posted by Necroist
The file is the handler for most of the firewall rules out there. It defines what ports are open, what are closed, and it's called on startup. Don't play in here unless you know what you're doingTom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
05-03-2006, 08:52 PM #34-=*/E=-
- Join Date
- Sep 2005
- Location
- In canada
- Posts
- 3,374
Originally Posted by OneBinary
Type iptables -L and look at the list of rules if its blank than its not running,
Just to make sure u understand by blank type /usr/local/sbin/apf -f and type iptables -L
And than type /usr/local/sbin/apf -s and again type iptables -L .
If both outputs are same that means its not running but if output are differnt its running.
And do not use the rules as defined by Hoob as you will end up blocking yourself out of ssh.
If you want to be able to access SSH in UDP port instead of 37 use 22 , cause seems like he is using 37 for ssh port.
cheers
Originally Posted by Hoobastank68Last edited by Energizer Bunny; 05-03-2006 at 08:55 PM.
12+ years -same website , new server [SSD Inside] providing shared/reseller hosting only !
These things we do not provide/offer : Unlimited Storage ! Unlimited Bandwidth ! But Why? Cause, we were unable to put such a large number on our pages, it just would not fit.
So check out the numbers that actually fit >> << the page as well as your budget too !
-
05-15-2006, 06:29 PM #35New Member
- Join Date
- May 2006
- Posts
- 1
Problems with APF / BFD
I recently installed APF/BFD on our linux boxes. The installation went through very well without any issues.The website and other services on the servers were also functioning very well.
However at 2:00 AM the following day, I got a alert that the website is down and I tried to SSH to the server. Unfortunately the server did not allow me that. I realised that I was completely locked out and I had the datacenter personnel to logon at the console and have him uninstall BFD and reboot the server. After the server reboot I was able to SSH to the server. I removed the apf from chkconfig and rebooted the server again. Everything looked good until 2:00 AM the next day. Again the website was down and the server became inaccessible. Agian I had the datacenter personnel to restart the server and evrything backup normal.
Later I realised that there was a cron job fw. ( I guess it was running at 2:00 AM).. After removing the cron job everthing is working normally , but still having SSH brute force attack.
Could anyone help me to implement APF/BFD on my linux boxes? I am not sure where I am going wrong in configuring the firewall.
I appreciate your help
thanks
gspai
-
07-27-2006, 08:44 PM #36Junior Guru Wannabe
- Join Date
- Nov 2005
- Posts
- 78
I am getting this when trying to run APF:
[root@ip- apf]# ./apf -s
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
eth0: error fetching interface information: Device not found
Development mode enabled!; firewall will flush every 5 minutes.
Opening /proc/modules: No such file or directory
Unable to load iptables module (ip_tables), aborting.
How to fix it?
-
08-03-2006, 01:35 PM #37Newbie
- Join Date
- Oct 2004
- Posts
- 13
I've been running APF 0.92 after installing it normally. My server is located in a server farm about 40 miles from me.
All went well for months, but then I rebooted the machine. Mistake.
It wouldn't come up.
I had to visit my machine in person and boot it up interactively, saying "NO" to have APF activated on the boot up.
That was the trick, and the machine then booted normally.
So, how do I change the config so as to either not include APF on the bootup or otherwise whitelist my own server farm port/ip/whatever issues so the machine boots up remotely???
(I think I can remember enough of the config to make sure it's not in the bootup sequence, but I'll have to read on that.)
But the issue of not being able to boot up cold with APF in the sequence bugs me, because at the moment that means I can't reboot with APF installed.
Any help?
-
08-04-2006, 08:00 PM #38Retired Moderator
- Join Date
- Oct 2004
- Location
- Ohio
- Posts
- 1,668
Look for the line VF_UTIME="0", change that to say a 60 seconds or so and it should be fine. This option will tell APF not to start till the server has been up for a set amount of time. If you still have problems after changing it, increase the time and try again. Hope this helps.
-
08-05-2006, 05:47 PM #39Newbie
- Join Date
- Oct 2004
- Posts
- 13
Originally Posted by Chris_M
Appreciate that tip!