Writing iptables rules by hand is tedious and error-prone. APF (Advanced Policy Firewall) is a front end that generates the iptables ruleset from a small set of configuration files, so you declare which ports and hosts to allow or deny instead of writing chains yourself.
This tutorial explains how to install and configure APF on CentOS 5.11 and CentOS 6.7, 32- and 64-bit, to lock down a server. Note that both releases have since reached end of life and no longer receive security updates; the steps are kept for reference.
First, update the installed packages:
    yum update -y
Next, download, extract and install APF:
    wget http://www.rfxn.com/downloads/apf-current.tar.gz && tar -zxvf apf-current.tar.gz && cd apf-* && sh ./install.sh
Be aware that this one-liner fetches the tarball over unauthenticated HTTP and then runs install.sh as root in the same step. If you care about what lands on the box, extract first, read install.sh, and only then run it.
APF keeps its configuration in /etc/apf/ on your server:
- conf.apf – the main firewall configuration (interfaces, open ports, development mode)
- allow_hosts.rules – whitelisted IP addresses and networks
- deny_hosts.rules – IP addresses and networks that are blocked
Edit the configuration file /etc/apf/conf.apf and set the following:
- IFACE_IN – the untrusted (inbound) interface. This depends on your setup but is usually "venet0" on OpenVZ/Virtuozzo containers and "eth0" on physical servers and most other VMs; run ifconfig if you are not sure
- IFACE_OUT – the outbound interface, normally the same value as IFACE_IN
- SET_MONOKERN – set to "1" on OpenVZ and Virtuozzo VPS servers, whose kernels have iptables built in monolithically with no modules to load; leave it at "0" everywhere else
- IG_TCP_CPORTS – the comma-separated list of INBOUND TCP ports to open, e.g. IG_TCP_CPORTS="22,80" for SSH and HTTP. This list must contain the port sshd actually listens on; if you run SSH on a non-standard port and omit it, you will lock yourself out as soon as development mode is switched off
- IG_UDP_CPORTS – the inbound UDP ports to open, e.g. "53" if you run a DNS server
Save the file and restart APF:
    apf -r
After installation APF runs with DEVEL_MODE="1". In this mode a cron job flushes the firewall every five minutes, so a mistake in the ruleset cannot lock you out for long, but it also means the server is unprotected most of the time. Verify that the rules work with DEVEL_MODE still on: with the firewall loaded, open a second SSH session and confirm the services you opened are reachable. Only once you are SURE the configuration is correct, open /etc/apf/conf.apf again and edit:
- DEVEL_MODE – set this to "0"
Save the file and restart APF:
    apf -r
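The two editing passes above can be scripted so that the values are set and checked rather than typed. The following shell script is an added example, not part of the original tutorial or of APF: it rewrites the conf.apf keys discussed above with sed (GNU sed -i is assumed), and it refuses to set DEVEL_MODE="0" while the SSH port is missing from IG_TCP_CPORTS, which is the lockout the tutorial warns about. The demo at the bottom runs against a constructed scratch copy of the relevant conf.apf lines, so it can be executed without APF installed.

```shell
#!/bin/sh
# Added example, not from the original tutorial or from APF.
# Sets the conf.apf keys the tutorial edits (IFACE_IN, IFACE_OUT,
# SET_MONOKERN, IG_TCP_CPORTS, IG_UDP_CPORTS, DEVEL_MODE) with GNU sed, and
# guards the switch out of development mode so SSH cannot be firewalled off.

# set_conf FILE KEY VALUE: rewrite the KEY="..." line in place; comments and
# other keys are untouched because the pattern is anchored at line start.
set_conf() {
    sed -i "s|^$2=\"[^\"]*\"|$2=\"$3\"|" "$1"
}

# get_conf FILE KEY: print the value between the quotes of KEY="...".
get_conf() {
    sed -n "s|^$2=\"\([^\"]*\)\".*|\1|p" "$1"
}

# port_listed PORTLIST PORT: succeed if PORT is an exact entry of the
# comma-separated PORTLIST (APF range entries such as 30000_35000 are not
# expanded here).
port_listed() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# configure_apf FILE IFACE MONOKERN TCP_PORTS UDP_PORTS: the first editing
# pass. DEVEL_MODE is deliberately left as it is.
configure_apf() {
    set_conf "$1" IFACE_IN "$2"
    set_conf "$1" IFACE_OUT "$2"
    set_conf "$1" SET_MONOKERN "$3"
    set_conf "$1" IG_TCP_CPORTS "$4"
    set_conf "$1" IG_UDP_CPORTS "$5"
}

# leave_devel_mode FILE SSH_PORT: the second pass. Returns 1 and leaves the
# file alone when SSH_PORT is not in IG_TCP_CPORTS, because the five-minute
# cron flush of DEVEL_MODE=1 is the only thing that would undo a lockout.
leave_devel_mode() {
    if port_listed "$(get_conf "$1" IG_TCP_CPORTS)" "$2"; then
        set_conf "$1" DEVEL_MODE 0
    else
        echo "refusing: SSH port $2 is not in IG_TCP_CPORTS" >&2
        return 1
    fi
}

# demo_conf: write a constructed scratch copy of the conf.apf lines this
# script touches (the real file has many more settings) and print its path.
demo_conf() {
    f=$(mktemp)
    cat >"$f" <<'EOF'
DEVEL_MODE="1"
IFACE_IN="eth0"
IFACE_OUT="eth0"
SET_MONOKERN="0"
IG_TCP_CPORTS="22"
IG_UDP_CPORTS=""
EOF
    echo "$f"
}

# Demo: an OpenVZ container whose admin opened 2222 but whose sshd is on 22.
f=$(demo_conf)
configure_apf "$f" venet0 1 "2222,80,443" 53
leave_devel_mode "$f" 22 || echo "first attempt blocked, DEVEL_MODE still $(get_conf "$f" DEVEL_MODE)"
configure_apf "$f" venet0 1 "22,80,443" 53
leave_devel_mode "$f" 22 && echo "DEVEL_MODE now $(get_conf "$f" DEVEL_MODE)"
rm -f "$f"
```

On a real server, point the functions at /etc/apf/conf.apf, pass the port from your sshd_config to leave_devel_mode, and run `apf -r` after each pass; the guard only checks the configuration file, so still confirm from a second SSH session that you can log in before closing the first one.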
The most useful APF commands are:
- apf -s # start the firewall
- apf -r # restart the firewall (reload the configuration and rules files)
- apf -f # stop the firewall by flushing all rules
- apf -l # list the currently loaded firewall rules
- apf -st # show the firewall status log
- apf -a host # allow connections from "host" (adds it to allow_hosts.rules)
- apf -d host # block connections from "host" (adds it to deny_hosts.rules)
- apf -u host # remove "host" from the allow/deny rules files and from the running firewall