
How to Disable and Uninstall APF Firewall Script

Type the following commands:

# service iptables stop
# chkconfig apf off
# /bin/rm -rfv /etc/apf
# /bin/rm -fv /etc/cron.daily/fw
# /bin/rm -fv /etc/init.d/apf
# iptables -L -n

This article demonstrates how to install and configure the CSF (configserver) firewall. CSF can be used on a wide range of Linux systems, including those running cPanel.

First of all, if you have APF + BFD installed, you will need to disable it. You can use the following command to do so:

sh disable_apf_bfd.sh

You can use the following commands to install the CSF (configserver) firewall.

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar zxf csf.tgz
cd csf
sh install.sh

To add an IP address to the deny list

csf -d xxx.xxx.xxx.xxx

To add an IP address to the allow list

csf -a xxx.xxx.xxx.xxx

How to restart csf firewall

csf -r

How to stop csf firewall

csf -x

Path of CSF configuration file on cPanel server

/etc/csf/csf.conf

Path of denied IP addresses file in CSF

/etc/csf/csf.deny

Path of allowed IP address file in CSF

/etc/csf/csf.allow

How to add an IP address to the ignore list

Log in to the shell, then add the IP address to /etc/csf/csf.ignore

How to find an IP address blocked by a temporary ban

grep xxx.xxx.xxx.xxx /etc/csf/csf.tempban

APF (Advanced Policy Firewall) is an iptables-based firewall system. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

The installation steps for the APF firewall are as follows.

1) SSH to the server as root.

2) mkdir APF and change directory to APF

3) wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

4) tar -xvzf apf-current.tar.gz

5) cd apf-0.9.5-1/ or whatever the latest version is.

6) Run the install file: ./install.sh
You will receive a message saying it has been installed

Installing APF 0.9.5-1: Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

7) Let's configure the firewall: nano /etc/apf/conf.apf

8) Configuring Firewall Ports:

cPanel Servers
We like to use the following on our cPanel servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports - 3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
#
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53"

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="1"

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43,2089"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

8) Starting the firewall.
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
apf -s    load firewall policies
apf -r    flush & load firewall
apf -f    flush firewall
apf -l    list chain rules
apf -st   firewall status

Add an IP address to the firewall's allow list (allow_hosts.rules):
apf -a ipaddress

Add an IP address to the firewall's deny list (deny_hosts.rules):
apf -d ipaddress

9) Once everything is working, change the DEVM option

This stops the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to "0" after you've had a chance to test the server and ensure everything is working well.

pico /etc/apf/conf.apf

FIND: DEVM="1"
CHANGE TO: DEVM="0"

10. Checking the APF Log

The log shows any changes to the allow and deny hosts, among other things.
tail -f /var/log/apf_log

Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123

11. New: make APF start automatically at boot time
To autostart apf on reboot, run this:

chkconfig --level 2345 apf on

To remove it from autostart, run this:

chkconfig --del apf

Note:

1) apf --help displays the full APF help.

2) If you are installing APF on a VPS, make sure to edit the following file and make these changes.

/etc/apf/conf.apf

IFACE_IN="venet0"
IFACE_OUT="venet0"

3) /etc/init.d/apf start
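
The port lists from step 8 and the DEVM setting from step 9 can be checked before the firewall is loaded. The script below is an added example, not part of the original post or of APF; the function names (get_val, count_ports, lint_apf_conf, sample_conf) and the sample configuration are constructed for illustration, and it assumes settings are written as KEY="value" with plain ASCII double quotes.

```shell
# Added example (not APF's own code): lint a conf.apf before running "apf -s".
# Print the last properly quoted value of KEY ($1) in FILE ($2); empty if none.
get_val() { sed -n "s/^$1=\"\([^\"]*\)\"[[:space:]]*\$/\1/p" "$2" | tail -n 1; }

# Print how many ports a list such as "21,22,3000_3500" covers; fail if malformed.
count_ports() (
    total=0; IFS=','; set -f
    for p in $1; do
        case $p in
            ''|*[!0-9_]*|_*|*_|*_*_*|0*|*_0*) exit 1 ;;
            *_*) lo=${p%_*}; hi=${p#*_}          # range written as low_high
                 [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] || exit 1
                 total=$((total + hi - lo + 1)) ;;
            *)   [ "$p" -le 65535 ] || exit 1
                 total=$((total + 1)) ;;
        esac
    done
    echo "$total"
)

# Print findings for FILE ($1); the return status is the number of issues.
lint_apf_conf() {
    conf=$1; issues=0
    # Quotes pasted from a web page are not the ASCII '"' the config expects.
    if LC_ALL=C grep -qE '^[A-Z_]+=.*[^[:print:][:blank:]]' "$conf"; then
        echo "non-ASCII bytes in a setting (typographic quotes?)"; issues=$((issues + 1))
    fi
    # DEVM other than "0" leaves cron flushing the rules every 5 minutes.
    [ "$(get_val DEVM "$conf")" = "0" ] || { echo "DEVM is not \"0\""; issues=$((issues + 1)); }
    for key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        if n=$(count_ports "$(get_val "$key" "$conf")") && [ "$n" -gt 0 ]; then
            echo "$key lists $n port(s)"
        else
            echo "$key missing or malformed"; issues=$((issues + 1))
        fi
    done
    return "$issues"
}

# Constructed sample: IG_UDP_CPORTS keeps web-paste curly quotes, DEVM is still 1.
sample_conf() {
    cat <<'EOF'
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,3000_3500"
IG_UDP_CPORTS=”53″
EG_TCP_CPORTS="21,25,80,443,43,2089"
EG_UDP_CPORTS="20,21,53"
DEVM="1"
EOF
}
f=$(mktemp); sample_conf > "$f"
lint_apf_conf "$f" || echo "issues found: $?"; rm -f "$f"
```

To check a real server, call lint_apf_conf /etc/apf/conf.apf and compare the reported port counts with what you intended to open.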