    APF and more security


    I have installed APF on my servers and now I would like to add more security for my connection packets. I will also disable ICMP ping as below. Do you have any other add-ons that I can apply?

    /etc/sysctl.conf, add

    # disable packet forwarding
    net.ipv4.ip_forward = 0
    # enable source route verification
    net.ipv4.conf.all.rp_filter = 1
    # ignore broadcast pings
    net.ipv4.icmp_echo_ignore_broadcasts = 1
    # enable syn cookies
    net.ipv4.tcp_syncookies = 1
    # size of syn backlog
    net.ipv4.tcp_max_syn_backlog = 512
    # disable automatic defragmentation
    # set max files
    fs.file-max = 32768
    # Enable IP spoofing protection, turn on Source Address Verification
    net.ipv4.conf.all.rp_filter = 1
    # Enable TCP SYN Cookie Protection
    net.ipv4.tcp_syncookies = 1
    # Enable ignoring ping request
    net.ipv4.icmp_echo_ignore_all = 1

    in /etc/rc.local, add

    # enable source route verification on every interface
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > "$f"
    done
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    # refuse source-routed packets on every interface
    for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 0 > "$f"
    done
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

    in /etc/host.conf

    # Lookup names via DNS first then fall back to /etc/hosts.
    order bind,hosts
    # We have machines with multiple IP addresses.
    multi on
    # Check for IP address spoofing.
    nospoof on

    In /etc/hosts.deny, the following line is added:



    We like to use's "block" list of top networks that have exhibited
    suspicious activity.
    FIND: USE_DS="0"


    Configure AntiDOS for APF
    Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
    The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!

    pico /etc/apf/ad/conf.antidos

    There are various things you might want to fiddle with but I'll get the ones that will alert you by email.
    # [E-Mail Alerts]
    Under this heading we have the following:

    # Organization name to display on outgoing alert emails
    CONAME="Your Company"
    Enter your company information name or server name.

    # Send out user defined attack alerts [0=off,1=on]
    Change this to 1 to get email alerts

    # User for alerts to be mailed to
    USR="[email protected]"
    Enter your email address to receive the alerts

    Save your changes! Ctrl+X then press Y
    Restart the firewall: /usr/local/sbin/apf -r
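
An added example, not part of the original post: a shell check that a sysctl.conf-style file actually carries the network settings listed in the post. It reports the last value for each key, because sysctl applies lines in order and the listing repeats some keys. The helper name `audit_sysctl` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example. Expected values are the network settings from the post's sysctl.conf list.
EXPECTED='net.ipv4.ip_forward=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_echo_ignore_all=1
net.ipv4.tcp_syncookies=1'

# audit_sysctl FILE (hypothetical helper): report OK / MISSING / MISMATCH per expected
# key and DUPLICATE for keys set more than once. Returns 0 only if every key is OK.
audit_sysctl() {
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$1" '
    BEGIN {
        while ((getline line < conf) > 0) {
            if (line ~ /^[ \t]*([#;]|$)/) continue      # comment or blank line
            eq = index(line, "=")
            if (eq == 0) continue                        # not a key = value line
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            seen[k]++; val[k] = v                        # lines apply in order: last wins
        }
        close(conf)
    }
    {
        if (!($1 in seen)) {
            print "MISSING " $1 " (want " $2 ")"; bad++
        } else if (val[$1] != $2) {
            print "MISMATCH " $1 " = " val[$1] " (want " $2 ")"; bad++
        } else {
            print "OK " $1 " = " $2
        }
        if (seen[$1] > 1) print "DUPLICATE " $1 " set " seen[$1] " times, last value wins"
    }
    END { exit (bad > 0) }'
}

# Constructed sample (not from a real host): a later line silently undoes syncookies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# disable packet forwarding
net.ipv4.ip_forward = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.tcp_syncookies = 0
EOF
audit_sysctl "$sample" || echo "audit failed: fix the entries reported above"
```

Run it against the real file with `audit_sysctl /etc/sysctl.conf`; repeated keys with the same value, as in the listing above, pass but are still reported as DUPLICATE.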


