

8/29/2005

Easy APF Firewall Setup

Running a server with no firewall exposes every network port on the box to potential misuse. Without a firewall, an administrator must know exactly which ports are enabled and what is running on each of them to be sure the server is locked down. A firewall adds a layer of protection by making it possible to close all ports from one configuration file. Server security works best with a multi-layered approach rather than relying on a single point of failure. Many firewall applications can also limit access from certain locations when an undue amount of traffic comes from a single IP address.

A good, simple firewall that works on most servers is Advanced Policy Firewall (APF) from rfxNetworks.

APF can easily be configured to block all unused incoming and outgoing ports using these directions:

cd /usr/local/src
wget http://rfxnetworks.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-0.*
./install.sh

Now open the config file conf.apf in an editor:

pico -w /etc/apf/conf.apf

Scroll down to the "Common ingress (inbound) TCP ports" section. Find the configuration below that matches your system and update the configuration values accordingly.

Generic Linux

IG_TCP_CPORTS="21,22,25,53,80,110,143,443"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,22,25,53,80,110,443"
EG_UDP_CPORTS="20,21,53"

cPanel

IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096"
IG_UDP_CPORTS="21,53,873"
EGF="1"
EG_TCP_CPORTS="21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089"
EG_UDP_CPORTS="20,21,37,53,873"

Ensim

IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,22,25,53,80,110,443"
EG_UDP_CPORTS="20,21,53"

Plesk

IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
IG_UDP_CPORTS="37,53,873"
EGF="1"
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873"
EG_UDP_CPORTS="53,873"

If other daemons are configured on the server (such as Webmin or Urchin), their ports will need to be opened in the IG_TCP_CPORTS line. Check each package's configuration to see which port it uses.

Save the file with CTRL-X and start APF:

apf -s

By default, APF runs in development mode, meaning all rules are flushed every five minutes. If the firewall is improperly configured, all access may be locked out; development mode limits the lockout to the five-minute flush interval. Development mode is especially important when configuring the advanced options not covered here.

After the rules have been successfully tested (15-30 minutes), disable development mode by setting the following in conf.apf:

DEVM="0"

Restart APF and you are done:

apf -r
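Two things go wrong in practice with the steps above: a daemon such as Webmin is listening on a port that was never added to IG_TCP_CPORTS, so it goes dark the moment APF starts (and you only find out once DEVM="0" has made the lockout permanent), or the list keeps a port open that nothing on the box uses. The script below is an added example, not part of the original post or of the APF package. It reads the IG_TCP_CPORTS line from a conf.apf and compares it with the TCP sockets actually in LISTEN state, reporting listeners the firewall would cut off and allowed ports with nothing behind them. The conf.apf fragment and the `ss -lnt` output it runs against are constructed sample data embedded in the script so it runs offline; on a real server point it at /etc/apf/conf.apf and at saved `ss -lnt` (or `netstat -lnt`) output.

```shell
#!/bin/sh
# Added example (not from the original post or from APF): audit an APF
# conf.apf against the TCP sockets actually listening on the host.
# The sample conf fragment and `ss -lnt` output in demo() are constructed.

# Print the entries of KEY="a,b,c" from an APF conf file, one per line.
# Commented-out lines are ignored; APF range syntax (LOW_HIGH) passes through.
apf_conf_ports() {
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tr ',' '\n' | sed '/^$/d'
}

# Print each TCP port with a LISTEN socket in saved `ss -lnt` output.
# Column 4 is local address:port; the port follows the last colon, which
# also copes with IPv6 forms such as [::]:22. Sockets bound only to loopback
# are skipped: they are not reachable from the network and need no ingress rule.
listening_ports() {
    awk '$1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ {
             n = split($4, a, ":"); print a[n] }' "$1" | sort -un
}

# Print the lines of $1 that do not occur in $2 (both newline-separated lists).
set_diff() {
    printf '%s\n' "$1" | awk -v other="$2" '
        BEGIN { n = split(other, have, "\n"); for (i = 1; i <= n; i++) seen[have[i]] = 1 }
        $0 != "" && !($0 in seen)'
}

# Report one finding per line: "BLOCKED <port>" for a listener the firewall
# will cut off, "UNUSED <port>" for an allowed port with nothing behind it.
# $1 = conf.apf path, $2 = file holding `ss -lnt` output.
apf_audit() {
    allowed=$(apf_conf_ports "$1" IG_TCP_CPORTS)
    open=$(listening_ports "$2")
    set_diff "$open" "$allowed" | sort -n | sed 's/^/BLOCKED /'
    set_diff "$allowed" "$open" | sort -n | sed 's/^/UNUSED /'
}

# Run the audit on constructed sample data: the "Generic Linux" port list
# from the post, on a box that also runs Webmin on 10000 and MySQL on loopback.
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/conf.apf" <<'EOF'
# constructed conf.apf fragment
IG_TCP_CPORTS="21,22,25,53,80,110,143,443"
IG_UDP_CPORTS="53"
EGF="1"
EOF
    cat > "$tmp/listen.txt" <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22        0.0.0.0:*
LISTEN 0      128    [::]:22           [::]:*
LISTEN 0      100    0.0.0.0:25        0.0.0.0:*
LISTEN 0      511    0.0.0.0:80        0.0.0.0:*
LISTEN 0      511    *:443             *:*
LISTEN 0      80     127.0.0.1:3306    0.0.0.0:*
LISTEN 0      128    0.0.0.0:10000     0.0.0.0:*
EOF
    apf_audit "$tmp/conf.apf" "$tmp/listen.txt"
    rm -rf "$tmp"
}

demo
```

On the sample data the audit reports "BLOCKED 10000" (Webmin would be unreachable once APF starts) and "UNUSED 21", "UNUSED 53", "UNUSED 110", "UNUSED 143" (FTP, DNS, POP3 and IMAP are allowed in but nothing is listening); the MySQL socket on 127.0.0.1 is correctly ignored. Run it before `apf -s`, and again before setting DEVM="0", so the five-minute flush is never what saves you. A BLOCKED finding means a port to add to IG_TCP_CPORTS; an UNUSED finding is a port you can drop from the list until the service is actually installed.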

APF also has many optional advanced features. It can be configured to look up a connection request's IP address in a database of known problem blocks and deny access from that IP. It also has anti-DoS (denial of service) features that can automatically drop connection requests from addresses that are trying to connect too many times or too quickly.

damonparker.org is proudly powered by WordPress

copyright © 2002-2009 damonparker.org. all rights reserved.