Thread: Quick APF question
01-09-2007, 04:58 PM #1
I've read this about allowing certain IPs access to the server:
More advanced: /etc/apf/allow_hosts.rules
10. As a safety precaution, you might want to add your IP to the '/etc/apf/allow_hosts.rules' file.
Open the file in your favorite editor.
11. Add the IP of your computer to the end of the file. This will cause all traffic to and from that IP not to be filtered. You can also add the IPs of other servers.
If you want to specify what kind of traffic to allow from those IPs that is not covered by the current firewall rules (i.e. you blocked all traffic to SSH and only want a few IPs to be able to access the SSH port), then this is the format you would use:
Protocol : direction/flow : source/destination port : s/d ip
[tcp/udp] : [in/out] : [s=/d=]PORT : [s=/d=]IP
Ex (let the IP 192.168.0.100 access port 22):
What I'd like to know is if it's possible to put an IP range in there instead of just one IP address
such as you specify a range in the conf.apf file upon setup
where 99_123 is the port range
Thanks for your help
01-09-2007, 05:27 PM #2
Yes, you can use a range of IPs.
If you want to allow all IPs in the 192.168.1.0 network, that is from 192.168.1.1 to 192.168.1.255, you can use 192.168.1.0/24.
To understand the correct network range, you can use CIDR/Netmask in dnsstuff.
I hope this will help.
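Added example (not part of the original thread and not APF's own code): a Python check of allow_hosts.rules entries against the format quoted in post #1, reporting the exact address span each single IP or CIDR entry opens up. The sample file content, the IPv4-only parsing and the 256-address review threshold are assumptions made for this example.

```python
import ipaddress

# Constructed sample of /etc/apf/allow_hosts.rules content (not from the thread).
SAMPLE_RULES = """\
# added 192.168.0.100 on 01/09/07 17:00:00
192.168.0.100
192.168.1.0/24
tcp:in:d=22:s=192.168.0.100
tcp:in:d=22:s=10.0.0.0/8
udp:in:d=99_123:s=192.168.1.0/24
tcp:in:d=22:s=192.168.1.300
"""
MAX_ADDRESSES = 256  # assumption: anything wider than a /24 is flagged for review


def parse_rule(line):
    """Return the IPv4 network an entry allows; raise ValueError if malformed."""
    parts = [p.strip() for p in line.split(":")]  # IPv4 only: IPv6 would need other splitting
    if len(parts) == 1:  # plain IP or CIDR: all traffic to and from it is unfiltered
        return ipaddress.ip_network(parts[0], strict=False)
    if len(parts) != 4:
        raise ValueError("expected proto:flow:[s=/d=]PORT:[s=/d=]IP")
    proto, flow, port, host = parts
    if proto not in ("tcp", "udp") or flow not in ("in", "out"):
        raise ValueError("bad protocol or direction")
    if port[:2] not in ("s=", "d=") or host[:2] not in ("s=", "d="):
        raise ValueError("port and IP each need an s= or d= prefix")
    bounds = port[2:].split("_")  # port ranges are written like 99_123
    if len(bounds) > 2 or not all(b.isdigit() and 0 < int(b) < 65536 for b in bounds):
        raise ValueError("bad port or port range")
    return ipaddress.ip_network(host[2:], strict=False)


def audit(text):
    """Return (line_no, status, detail) for every non-comment entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            net = parse_rule(line)
        except ValueError as exc:
            findings.append((no, "invalid", str(exc)))
            continue
        status = "broad" if net.num_addresses > MAX_ADDRESSES else "ok"
        findings.append((no, status, f"{net[0]}-{net[-1]} ({net.num_addresses} addresses)"))
    return findings
```

Calling audit() on the real file's text before restarting the firewall catches a mistyped address or an unintentionally wide range while it is still only an edit.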
01-10-2007, 06:37 PM #3
With the following command you can add an IP in APF:
./apf -a <IP> UNBLOCKING
and in pico /etc/apf/allow_hosts.rules you can see that the IP is added to the allow hosts list:
# added <IP> on 08/23/05 01:39:43