Quick n' Dirty APF Firewall (IPTables) Setup/Installation

From TekPedia


This guide was written on a CentOS 4 VPS. Device names and commands may differ on other operating systems. Hope this is helpful!

Install APF Firewall

Home Page: http://rfxnetworks.com/apf.php

Download and Install

Download:

Extract:

  • tar -xzvf apf-current.tar.gz
  • cd apf-X.X

Install:

  • ./install

Configure

  • cd /etc/apf
  • vi conf.apf

Important Configuration Options

  • DEVEL_MODE="1" -- Leave DEVEL_MODE enabled until you are SURE that you have a working configuration. This option flushes (clears) your firewall rules every 5 minutes, so if you lock yourself out, just wait 5 minutes and you can get back in :)

Config Options Specific to TekTonic VPS Systems

  • SET_MONOKERN="1" -- This option normally does not need to be enabled, BUT on a TekTonic VPS instance it MUST be enabled (at least on CentOS 4). Without it, APF will complain that it can't find the iptables module and will abort immediately.
  • IFACE_IN -- Set to "venet0" or whatever interface name you see in the output of the "ifconfig" command.
  • IFACE_OUT -- Same as IFACE_IN.

General Config Options

  • IG_TCP_CPORTS -- These are the INBOUND TCP ports you want to open. Separate the values with spaces, e.g. "22 80 443" would open SSH, HTTP, and HTTPS.
  • IG_UDP_CPORTS -- These are the INBOUND UDP ports you want open, e.g. "53" if you run a DNS server.
  • EG_TCP_CPORTS -- These are the OUTBOUND TCP ports you want to open. By default, ALL outbound connections are allowed, but if you enable EGF="1", outbound traffic is restricted to the listed ports as well. I highly recommend this for a more secure system.
  • EG_UDP_CPORTS -- These are the OUTBOUND UDP ports you want open. Same comment as above for EG_TCP_CPORTS.
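The settings above are the ones most likely to lock you out or silently break the box when they are wrong, so it is worth checking them before disabling DEVEL_MODE. The script below is an added example, not part of this page or of the APF project: it reads the KEY="value" lines of a conf.apf-style file and flags a DEVEL_MODE left enabled, an empty IFACE_IN/IFACE_OUT, an inbound port list without SSH (22), and egress filtering (EGF="1") that does not allow outbound UDP 53 (DNS lookups from the VPS itself). The sample configuration it writes is constructed for the example; the function names are the example's own, not APF commands.

```shell
#!/bin/sh
# Added example: sanity-check the conf.apf options discussed on this page.
# Not part of the TekPedia page or the APF project; all function names are
# the example's own. The sample config below is constructed for the example.

# apf_write_sample FILE -> writes a constructed conf.apf fragment to FILE
apf_write_sample() {
    cat > "$1" <<'EOF'
DEVEL_MODE="1"
SET_MONOKERN="1"
IFACE_IN="venet0"
IFACE_OUT="venet0"
IG_TCP_CPORTS="22 80 443"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="22 25 80 443"
EG_UDP_CPORTS="53 123"
EOF
}

# apf_get FILE KEY -> prints the value of KEY="value" in FILE (last match wins,
# empty output if the key is absent)
apf_get() {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# apf_has_port "PORT LIST" PORT -> exit 0 if PORT appears in the
# space-separated list, 1 otherwise
apf_has_port() {
    for p in $1; do
        [ "$p" = "$2" ] && return 0
    done
    return 1
}

# apf_check FILE -> prints each finding to stderr and the number of findings
# to stdout (0 means the checked options look safe to run without DEVEL_MODE)
apf_check() {
    conf=$1
    findings=0
    if [ "$(apf_get "$conf" DEVEL_MODE)" = "1" ]; then
        echo "WARN: DEVEL_MODE=1 flushes the rules every 5 minutes; fine while testing, disable it once the config is proven" >&2
        findings=$((findings + 1))
    fi
    for iface in IFACE_IN IFACE_OUT; do
        if [ -z "$(apf_get "$conf" "$iface")" ]; then
            echo "WARN: $iface is empty; set it to the interface shown by ifconfig (e.g. venet0 on a VPS)" >&2
            findings=$((findings + 1))
        fi
    done
    if ! apf_has_port "$(apf_get "$conf" IG_TCP_CPORTS)" 22; then
        echo "WARN: IG_TCP_CPORTS does not include 22; inbound SSH would be blocked" >&2
        findings=$((findings + 1))
    fi
    if [ "$(apf_get "$conf" EGF)" = "1" ] && ! apf_has_port "$(apf_get "$conf" EG_UDP_CPORTS)" 53; then
        echo "WARN: EGF=1 but EG_UDP_CPORTS lacks 53; outbound DNS lookups would fail" >&2
        findings=$((findings + 1))
    fi
    echo "$findings"
}

# Stand-alone run: write the constructed sample and check it.
# The sample still has DEVEL_MODE="1", so this reports exactly one finding.
sample=${TMPDIR:-/tmp}/apf_conf_sample.$$
apf_write_sample "$sample"
apf_check "$sample"
rm -f "$sample"
```

To use it on a real system, point apf_check at /etc/apf/conf.apf instead of the sample file; a count of 0 on stdout means none of the four pitfalls was found. The checks only cover the options this page discusses, so a clean result is a pre-flight check, not proof that the whole ruleset is correct.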