Apf and more security

Web Hosting Master
Join Date: Aug 2002
Posts: 1,632


I have installed APF on my servers and now I would like to add more security for my connection packets. I will also disable ICMP ping as below. Do you have any other add-ons that I can use?

/etc/sysctl.conf, add

# disable packet forwarding
net.ipv4.ip_forward = 0
# enable source route verification
net.ipv4.conf.all.rp_filter = 1
# ignore broadcast pings
net.ipv4.icmp_echo_ignore_broadcasts = 1
# enable syn cookies
net.ipv4.tcp_syncookies = 1
# size of syn backlog
net.ipv4.tcp_max_syn_backlog = 512
# disable automatic defragmentation
# set max files
fs.file-max = 32768
# Enable IP spoofing protection, turn on Source Address Verification
net.ipv4.conf.all.rp_filter = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring ping request
net.ipv4.icmp_echo_ignore_all = 1

in /etc/rc.local, add

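# enable source route verification on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > "$f"
done
# enable syn cookies
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# refuse source-routed packets on every interface
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
    echo 0 > "$f"
done
# ignore broadcast pings, then all pings
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all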

in /etc/host.conf

# Lookup names via DNS first then fall back to /etc/hosts.
order bind,hosts
# We have machines with multiple IP addresses.
multi on
# Check for IP address spoofing.
nospoof on

In /etc/hosts.deny, the following line is added:



Join Date: Oct 2005
Posts: 19
We like to use's "block" list of top networks that have exhibited
suspicious activity.


Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!

pico /etc/apf/ad/conf.antidos

There are various things you might want to fiddle with but I'll get the ones that will alert you by email.
# [E-Mail Alerts]
Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME="Your Company"
Enter your company information name or server name.

# Send out user defined attack alerts [0=off,1=on]
Change this to 1 to get email alerts

# User for alerts to be mailed to
Enter your email address to receive the alerts

Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r


NCL Hosting
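
An added example, not part of the thread or of APF: a shell check that compares a sysctl.conf-style file, such as the one in the first post, with the values the kernel is actually running, since entries in the file only take effect after `sysctl -p` or a reboot. The function names and the fixture (a fake /proc/sys tree and a sample conf) are constructed for illustration.

```shell
#!/bin/sh
# audit_sysctl CONF [PROC_ROOT]
# Prints OK / DRIFT / MISSING / CONFLICT per key; returns 1 on any finding
# other than OK. PROC_ROOT defaults to /proc/sys.
audit_sysctl() {
    awk -v root="${2:-/proc/sys}" '
        { sub(/[#;].*/, "") }                  # strip comments
        !/=/ { next }                          # skip lines without an assignment
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            want = $0; sub(/^[^=]*=/, "", want)
            gsub(/^[ \t]+|[ \t]+$/, "", want)
            if (!(key in conf)) order[++n] = key
            else if (conf[key] != want) { print "CONFLICT " key; bad = 1 }
            conf[key] = want                   # last assignment wins
        }
        END {
            for (i = 1; i <= n; i++) {
                key = order[i]; path = key
                gsub(/\./, "/", path)          # net.ipv4.x -> net/ipv4/x
                path = root "/" path
                if ((getline have < path) <= 0) { print "MISSING " key; bad = 1 }
                else if (have != conf[key]) {
                    print "DRIFT " key " want=" conf[key] " have=" have; bad = 1
                } else print "OK " key
                close(path)
            }
            exit bad + 0
        }' "$1"
}

# Constructed fixture: fake /proc/sys tree plus a conf using keys from the post.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4/conf/all"
    echo 1 > "$d/proc/net/ipv4/conf/all/rp_filter"
    echo 0 > "$d/proc/net/ipv4/tcp_syncookies"   # differs from the conf
    echo 1 > "$d/proc/net/ipv4/icmp_echo_ignore_all"
    cat > "$d/sysctl.conf" <<'EOF'
# enable source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 512
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_all = 1
EOF
    echo "$d"
}
# Live use: audit_sysctl /etc/sysctl.conf
```

A key repeated with the same value, as in the first post, is reported once; a repeat with a different value is flagged as CONFLICT.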

