How-To: Install APF Firewall for cPanel
  #1  
Old 06-14-2004, 09:06 PM
VicePlanet VicePlanet is offline
Disabled
 
Join Date: Jun 2004
Posts: 10
OK, so you need a firewall. Well, we recommend using APF. The following are the instructions you need to install it:
1) Log in to your box as root
2) Download the APF source (current version 0.9.3.3)

CODE
# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz


3) Extract the tar.gz

CODE
# tar -zxf apf-current.tar.gz


4) Enter the APF directory

CODE
# cd apf-0.9.3_3


5) Run install code

CODE
# ./install.sh


6) Modify the APF config File

CODE
# vi /etc/apf/conf.apf


Hit i to enter insert mode
7) Add in the ports you want to open for inbound (INGRESS). The following is for a cPanel box

CODE

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666"

# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"

# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"



Please note that the above variables are already there; I have placed what should be in them.

8) Tell APF to monitor outgoing (EGRESS) traffic also

CODE

Change the line:
EGF="0"
to
EGF="1"




9) Tell APF what ports to monitor

CODE

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,465,873"

# Common ICMP (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"

10) Save and exit - hit 'esc' :wq 'enter'

11) Start APF

CODE
# /usr/local/sbin/apf -s


You may or may not get output; if you do, please reply and I can advise as to what to fix. If all goes well you go back to the command line.
You now want to verify everything works: you can still get into SSH, cPanel works, you can view a page, etc.

12) If all works, edit the config file and change the developer mode to 0

CODE
# vi /etc/apf/conf.apf


Hit i to enter insert mode

CODE
Change
DEVM="1"
to
DEVM="0"



Save and quit
Hit 'esc' :wq 'enter'

13) Restart APF


CODE
# /usr/local/sbin/apf -r



APF is now installed and monitoring your server.

This tutorial is brought to you by MyCPAdmin.

*Note: We have used this method on many many servers but we cannot be held responsible for any damage this may cause.
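As an added check, not part of the original post or of APF itself, this POSIX shell script reads a conf.apf and verifies the settings the steps above change: EGF is on, DEVM has been turned back off, and IG_TCP_CPORTS is a single unbroken list containing the cPanel ports the tutorial opens. The sample configs are constructed inline, and the apf_* function names and the required-port list are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post or of APF: sanity-check a
# conf.apf before running "apf -s". Function names and the required-port
# list are this example's own choices.

# Print the value of a conf.apf variable with the surrounding quotes stripped.
apf_get() {           # apf_get FILE VAR
    grep "^$2=" "$1" | head -n 1 | cut -d= -f2- | tr -d '"'
}

# Reject the copy/paste errors that silently break a quoted port list:
# embedded whitespace, an empty value, or a trailing comma left by a wrapped line.
apf_ports_ok() {      # apf_ports_ok "20,21,22"
    case "$1" in
        ''|*[[:space:]]*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# Return 1 (and name the port) if any required port is missing from the list.
apf_has_ports() {     # apf_has_ports LIST "22 80 2087"
    for p in $2; do
        case ",$1," in
            *",$p,"*) ;;
            *) echo "missing port $p" >&2; return 1 ;;
        esac
    done
    return 0
}

# Overall check: returns 0 only when EGF=1, DEVM=0 and the ingress TCP list is sane.
apf_check_conf() {    # apf_check_conf FILE
    rc=0
    [ "$(apf_get "$1" DEVM)" = "0" ] || { echo "DEVM is not 0 (developer mode still on)" >&2; rc=1; }
    [ "$(apf_get "$1" EGF)" = "1" ]  || { echo "EGF is not 1 (egress filtering off)" >&2; rc=1; }
    ports=$(apf_get "$1" IG_TCP_CPORTS)
    apf_ports_ok "$ports" || { echo "IG_TCP_CPORTS malformed: '$ports'" >&2; rc=1; }
    apf_has_ports "$ports" "22 80 443 2082 2083 2086 2087" || rc=1
    return $rc
}

# Constructed sample configs (not from a real server); the bad one has the
# leading space and line wrap seen when the port list is pasted from a web page.
GOOD_CONF=$(mktemp); BAD_CONF=$(mktemp)
trap 'rm -f "$GOOD_CONF" "$BAD_CONF"' EXIT
printf 'DEVM="0"\nEGF="1"\nIG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666"\n' >"$GOOD_CONF"
printf 'DEVM="1"\nEGF="0"\nIG_TCP_CPORTS=" 20,21,22,25,26,53,80,110,143,443,465,993,995,2082,\n2083,2086,2087,2095,2096,3306,6666"\n' >"$BAD_CONF"

apf_check_conf "$GOOD_CONF" && echo "good sample: OK"
apf_check_conf "$BAD_CONF" || echo "bad sample: rejected as expected"
```

Run it against the real file with `apf_check_conf /etc/apf/conf.apf` once the functions are sourced; a non-zero exit with a message on stderr means fix the config before starting the firewall.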



  #2  
Old 06-17-2004, 05:22 PM
mikesmi7h mikesmi7h is offline
Newbie
 
Join Date: Jun 2004
Posts: 7
Thanks for the tutorial.

  #3  
Old 06-17-2004, 07:06 PM
AcuNett AcuNett is offline
Peace of Mind ServerManagement
 
Join Date: Dec 2001
Location: Franklin, TN, USA
Posts: 1,312
What are the UDP ftp ports for?

  #4  
Old 11-11-2004, 08:44 AM
arty arty is offline
New Member
 
Join Date: Nov 2004
Posts: 0
Guys, I get this:
Unable to load iptables module (ip_tables), aborting.
when I type apf -s
Note that this is a VDS running Virtuozzo with RH 9 and cPanel.
Can you help?

  #5  
Old 11-13-2004, 07:23 AM
arty arty is offline
New Member
 
Join Date: Nov 2004
Posts: 0
Can anyone help?

  #6  
Old 11-13-2004, 10:17 AM
Angelo Angelo is offline
Web Hosting Master
 
Join Date: Mar 2004
Location: Los Angeles
Posts: 617
Change your MONO_KERN value in configuration file and restart APF.


  #7  
Old 11-13-2004, 10:24 AM
arty arty is offline
New Member
 
Join Date: Nov 2004
Posts: 0
Now I'm getting dozens of problems, all of them containing something like this:

iptables: No chain/target/match by that name
or
iptables: Memory allocation problem

  #8  
Old 11-14-2004, 01:40 AM
PuNkEr PuNkEr is offline
Newbie
 
Join Date: Nov 2004
Posts: 6
Same. Running a VDS, and now I get the above if I change MONO_KERN.

also how do I uninstall the APF Firewall?

  #9  
Old 11-19-2004, 03:40 PM
arty arty is offline
New Member
 
Join Date: Nov 2004
Posts: 0
Can anyone help?

  #10  
Old 11-19-2004, 06:20 PM
hostingNIS hostingNIS is offline
Disabled
 
Join Date: Nov 2004
Location: San jose
Posts: 14
Very useful

This is a very useful thread.
Thank you

  #11  
Old 11-22-2004, 04:53 AM
Devil Inside Devil Inside is offline
Web Hosting Evangelist
 
Join Date: Nov 2003
Posts: 516
Ports Ports Ports...

Here's a nice little list of ports that should be open on a cPanel server.

Credit to CyberSpirit from the cPanel forums for compiling this.

Port      Service         Protocol   Direction
1 & 111   Portscanner     -          - (to detect scans)
20        ftp             tcp        inbound/outbound
21        ftp             tcp,udp    inbound/outbound
22        ssh             tcp        inbound
25        smtp            tcp        inbound/outbound
26        smtp            tcp        inbound/outbound
          (this port only needs to be open if the option in cPanel to run Exim on port 26 is used)
37        rdate           tcp        outbound
43        whois           tcp        outbound
53        DNS             tcp/udp    inbound/outbound
          (inbound is only needed if you run your own public DNS server)
80        http            tcp        inbound/outbound
110       pop3            tcp        inbound
113       ident           tcp        outbound
143       imap4           tcp        inbound
443       https           tcp        inbound
465       smtp tls/ssl    tcp/udp    inbound/outbound
873       rsync           tcp/udp    outbound
993       imap4 ssl       tcp        inbound
995       pop3 ssl        tcp        inbound
2082      cpanel          tcp        inbound
2083      cpanel ssl      tcp        inbound
2086      whm             tcp        inbound (outbound for DNS cluster)
2087      whm ssl         tcp        inbound (outbound for DNS cluster)
2089      cp licence      tcp        outbound (see below*)
2095      Webmail         tcp        inbound
2096      Webmail SSL     tcp        inbound
3306      mysql           tcp        (only if you need to connect remotely)
6666      chat            tcp        inbound
9898      AIM             tcp        outbound

* You may wish to set up port 2089 as follows:

out:d=2089:d=216.118.116.100
in=2089=216.118.116.110

As this port is used for cPanel licensing, and not always actively used, this will allow the port to remain open, but ONLY to the cPanel server.


Last edited by Devil Inside; 11-22-2004 at 04:56 AM.
  #12  
Old 11-24-2004, 04:24 AM
jethbrown jethbrown is offline
Junior Guru Wannabe
 
Join Date: Nov 2004
Location: Edmonton, Alberta
Posts: 90
What does this mean when I restart APF?

root@server1 [~]# /usr/local/sbin/apf -r
iptables v1.2.9: Unknown arg `--set-tos'
Try `iptables -h' or 'iptables --help' for more information

  #13  
Old 12-28-2004, 06:10 PM
rfxn rfxn is offline
Junior Guru
 
Join Date: Apr 2002
Location: Canada
Posts: 245
For those on VPS/VDS: it is up to your vendors to issue kernels with all appropriate iptables modules compiled. APF is an advanced firewall which uses a lot of high-level features that are not common in other firewalls. As such, kernels often lack the default modules required by APF -- or at least the stock VPS/VDS kernels do.

__________________
'Make no mistake, the odds are not in your favor -- you have to patch every hole,
but an attacker need find only one to get into your environment.'

R-fx Networks - Linux Software & Blog | http://www.rfxn.com


  #14  
Old 02-08-2005, 05:59 PM
ThomasO ThomasO is offline
WHT Addict
 
Join Date: Oct 2004
Posts: 118
I installed everything OK... but now I get this:

root@apco [/usr/local/sbin]# apf -s
FATAL: Module ip_tables already in kernel.
FATAL: Module ipt_state already in kernel.
FATAL: Module ipt_multiport already in kernel.
FATAL: Module iptable_filter already in kernel.
FATAL: Module ipt_limit already in kernel.
FATAL: Module ipt_LOG already in kernel.
FATAL: Module ipt_REJECT already in kernel.
FATAL: Module ip_conntrack already in kernel.
FATAL: Module ip_conntrack_irc already in kernel.
FATAL: Module ip_conntrack_ftp already in kernel.
FATAL: Module iptable_mangle already in kernel.


I remember I upgraded to kernel 2.6.10.

Perhaps something to do with that?

  #15  
Old 02-08-2005, 06:02 PM
rfxn rfxn is offline
Junior Guru
 
Join Date: Apr 2002
Location: Canada
Posts: 245
Usually indicates modules already in use -- often another firewall; try to do apf -f then apf -r and see if the issue continues.
