Results 1 to 3 of 3
  1. #1
    Join Date
    Apr 2004

    Quick APF question


    I`ve read this about allowing certain IPs access to the server

    More advanced: /etc/apf/allow_hosts.rules
    10. As a safety precaution, you might want to add your ip to the '/etc/apf/allow_hosts.rules' file.

    Open the file in your favorite editor.
    11. Add the ip of your computer to the end of the file. This will cause all traffic to and from that ip not to be filtered. You can also add the ip's of other servers.

    If you want to specify what kind of traffic to allow from those ips that is not covered with the current firewall rules (ie. you blocked all traffic to SSH and only want a few ips to be able to access the SSH port), then this is the format you would use:

    Protocol : direction/flow : source/destination port : s/d ip
    [tcp/udp] : [in/out] : [s=/d=]PORT : [s=/d=]IP

    Ex (let the ip access to port 22):

    tcp:in:d=22: s=

    What I`d like to know is if its possible to put an IP range in there instead of just one ip address

    such as you specify a range in the conf.apf file upon setup


    tcp:in:d=99_123: s=

    where 99_123 is the port range

    Thanks for your help

  2. #2
    Join Date
    Oct 2004
    Kerala, India
    Yes, you can use a range of IP's
    If you want to allow all IP's in network, that is from to you can use
    To understand the correct network range, you can use CIDR/Netmask in dnsstuff.
    I hope this will help.
    David |
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  3. #3

    From following command you can add IP in the apf

    ./apf -a <IP> UNBLOCKING

    and pico /etc/apf/allow_hosts.rules here you can see the IP is added in the allow hosts list

    # added <IP> on 08/23/05 01:39:43

    Thank you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts