APF

From 站长百科 (Webmaster Encyclopedia)
Revision by 大漠孤狼 (talk | contribs), 2 May 2010 (Sun) 23:26

APF (Advanced Policy Firewall) is a free, iptables-based firewall commonly used on Linux servers.

Installing APF

  • Download the APF source
# wget http://www.rfxn.com/downloads/apf-current.tar.gz
  • Unpack it
# tar -xvzf apf-current.tar.gz
  • Enter the APF directory
# cd apf-0.9.7-1/   (or whatever the latest version's directory is called)
  • Run the installer
# ./install.sh


Configuring APF

  • Edit the configuration file
# pico /etc/apf/conf.apf
  • Port settings (ingress). Two example lists follow. conf.apf is read as a shell file, so keep only one IG_TCP_CPORTS and one IG_UDP_CPORTS assignment (a later assignment silently overrides an earlier one), and list only the ports this server actually serves.
     # Common ingress (inbound) TCP ports (example 1; includes the cPanel ports 2082-2096)
     IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666"
     # Common ingress (inbound) UDP ports
     IG_UDP_CPORTS="21,53,465,873"

     # Common ingress (inbound) TCP ports (example 2)
     # "587,953" is assumed here: the original line read "587953", which is not a valid port
     IG_TCP_CPORTS="21,22,25,53,80,110,111,143,443,587,953,2222,3306,32769"
     # Common ingress (inbound) UDP ports
     IG_UDP_CPORTS="53,111,631,724,5353,32768,32809"
  • Have APF filter outbound (egress) traffic

Change the line EGF="0" to EGF="1", then tell APF which outbound ports to allow:

     # Common egress (outbound) TCP ports (for cPanel servers)
     EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"
     # Common egress (outbound) UDP ports
     EG_UDP_CPORTS="20,21,53,465,873"
     # Common ICMP (outbound) types
     # 'internals/icmp.types' for type definition; 'all' is wildcard for any
     EG_ICMP_TYPES="all"

  • Save your changes (Ctrl+X, then Y)
  • Start APF
# /usr/local/sbin/apf -s
  • If everything works, edit the config file again and turn developer mode off. While DEVM="1", APF's cron job flushes the rules every five minutes, so a rule set that locks you out (SSH on a port you forgot to list, say) undoes itself. Once you have confirmed you can still reach the server, switch it off, or the firewall will keep dropping its rules.
# pico /etc/apf/conf.apf

Change DEVM="1" to DEVM="0", then save your changes (Ctrl+X, then Y).
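A small POSIX shell check, added here as an example (it is not part of APF or of the original page), for a conf.apf port list before you run apf -r. A value that is not a clean comma-separated set of valid ports, such as a run of digits where a comma went missing, a stray space, or a line break inside the quotes, is exactly the typo that leaves a service unreachable or breaks the rule load. Underscore ranges (LOW_HIGH) are accepted on the assumption that this is conf.apf's own range syntax; the two lists in the demo are constructed.

```shell
#!/bin/sh
# Added example, not part of APF or this page: sanity-check a conf.apf port
# list (IG_TCP_CPORTS, EG_UDP_CPORTS, ...) before running apf -r.

# port_ok PORT -> true if PORT is an integer in 1..65535
port_ok() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# validate_port_list LIST
# Prints one line per problem found and returns 1 if there were any, 0 if the
# list is clean. Entries are single ports or LOW_HIGH ranges (the underscore
# range syntax is assumed from conf.apf's own comments, not verified here).
validate_port_list() {
    list=$1
    rc=0
    case $list in
        '')            echo "empty list"; return 1 ;;
        *[[:space:]]*) echo "whitespace inside the list"; rc=1 ;;
    esac
    case $list in
        ,*|*,) echo "leading or trailing comma"; rc=1 ;;
    esac
    case $list in
        *,,*) echo "empty entry (doubled comma)"; rc=1 ;;
    esac
    old_ifs=$IFS
    IFS=,
    set -f                 # no globbing while the list is word-split
    set -- $list
    set +f
    IFS=$old_ifs
    for entry in "$@"; do
        [ -n "$entry" ] || continue        # doubled comma already reported
        case $entry in
            *_*)
                lo=${entry%%_*}
                hi=${entry#*_}
                if ! port_ok "$lo" || ! port_ok "$hi" || [ "$lo" -gt "$hi" ]; then
                    echo "bad range: $entry"; rc=1
                fi ;;
            *)
                if ! port_ok "$entry"; then
                    echo "bad port: $entry (not an integer 1-65535; missing comma?)"; rc=1
                fi ;;
        esac
    done
    return $rc
}

# Demo on two constructed lists: the first is clean; the second has a
# leading space and the merged "587953".
for l in "21,22,25,53,80,110,143,443,587,953,2222,3306" " 21,22,587953,3306"; do
    if validate_port_list "$l"; then
        echo "OK:  \"$l\""
    else
        echo "BAD: \"$l\""
    fi
done
```

Run it against each *_CPORTS value you edited; a non-zero exit means fix the line before reloading the firewall.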

  • Restart APF
# /usr/local/sbin/apf -r
  • View the APF log

The log shows, among other things, every host added to or removed from the allow and deny lists:

# tail -f /var/log/apf_log

Example output:

   Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
   Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123
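As an added example (not from the page or the APF project), the following awk-based shell functions read apf_log lines in the format shown above and report, per host, whether the latest "(insert)" action was an allow or a deny. The sample log is constructed; the field positions assume the exact line format above (the action three fields before the host, the host last).

```shell
#!/bin/sh
# Added example, not part of APF or this page: summarise the "(insert) allow"
# and "(insert) deny" events in /var/log/apf_log.
# Sample log, constructed in the format shown above (one filler line included
# to show that other log lines are ignored).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:30:02 ocean apf(31500): (constructed filler line, not an insert event)
Aug 23 01:31:10 ocean apf(31602): (insert) deny all to/from 203.0.113.7
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123
Aug 23 01:41:00 ocean apf(32300): (insert) allow all to/from 198.51.100.9
EOF

# Insert lines end in "<action> all to/from <host>": the host is the last
# field ($NF) and the action ("allow" or "deny") is three fields before it.

# apf_last_action LOG HOST -> prints "allow", "deny" or "none": the most
# recent insert action the log records for HOST.
apf_last_action() {
    awk -v host="$2" '
        /apf\([0-9]+\): \(insert\) (allow|deny) all to\/from / && $NF == host { last = $(NF-3) }
        END { print (last == "" ? "none" : last) }
    ' "$1"
}

# apf_denied_hosts LOG -> one host per line, sorted, whose most recent insert
# action is a deny. Compare the result with deny_hosts.rules to spot entries
# that were removed by hand without going through apf.
apf_denied_hosts() {
    awk '
        /apf\([0-9]+\): \(insert\) (allow|deny) all to\/from / { state[$NF] = $(NF-3) }
        END { for (h in state) if (state[h] == "deny") print h }
    ' "$1" | sort
}

echo "185.14.157.123 last action: $(apf_last_action "$SAMPLE_LOG" 185.14.157.123)"
echo "hosts whose last action was deny:"
apf_denied_hosts "$SAMPLE_LOG"
```

Point both functions at /var/log/apf_log on a real server; the sample file is only there so the block runs on its own.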
  • Start APF automatically at boot

To start apf automatically on reboot:

# chkconfig --level 2345 apf on

To remove it from autostart:

# chkconfig --del apf

  • Blocking an IP with APF

Now that you have your shiny new firewall you probably want to block a host, right? Of course you do! This version of APF also supports comments on entries. There are a few ways to block an IP; here are two of the easier methods.

A) Use the apf command:

   /etc/apf/apf -d IPHERE COMMENTHERENOSPACES

   > The -d flag means DENY the IP address
   > IPHERE is the IP address you wish to block
   > COMMENTHERENOSPACES is a comment, without spaces, saying why the IP is being blocked

Rules added this way are loaded into the firewall right away, so they are instantly active. Example:

./apf -d 185.14.157.123 TESTING

pico /etc/apf/deny_hosts.rules

Shows the following:

   # added 185.14.157.123 on 08/23/05 01:25:55
   # TESTING
   185.14.157.123

B) pico /etc/apf/deny_hosts.rules

You can then just add a new line and enter the IP you wish to block. Before this becomes active though you’ll need to reload the APF ruleset.

/etc/apf/apf -r

  • Allowing an IP (unblocking)

I know, I know: you added an IP and now you need it removed right away! Blocked IPs have to be removed from deny_hosts.rules by hand.

A) pico /etc/apf/deny_hosts.rules

Find where the IP is listed and remove the line that has the IP. After this is done save the file and reload apf to make the new changes active.

/etc/apf/apf -r

B) If the IP isn't already listed in deny_hosts.rules and you want to allow it, this method adds an entry to allow_hosts.rules:

   /etc/apf/apf -a IPHERE COMMENTHERENOSPACES

   > The -a flag means ALLOW the IP address
   > IPHERE is the IP address you wish to allow
   > COMMENTHERENOSPACES is a comment, without spaces, saying why the IP is being unblocked

Rules added this way are loaded into the firewall right away, so they are instantly active. Example:

./apf -a 185.14.157.123 UNBLOCKING

pico /etc/apf/allow_hosts.rules

   # added 185.14.157.123 on 08/23/05 01:39:43
   # UNBLOCKING
   185.14.157.123
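Both unblocking methods above come down to what deny_hosts.rules and allow_hosts.rules currently say about a host. As an added example (not from the page or from APF), these shell functions report a host's standing across both files, including the case where it is listed in both, and perform the manual remove-the-line step from method A. The two rules files are constructed copies in the format shown above.

```shell
#!/bin/sh
# Added example, not part of APF or this page: check where a host stands in
# deny_hosts.rules / allow_hosts.rules before adding or removing it, and remove
# an entry the way the manual step above does. Both files are constructed
# samples in the format the page shows.
DENY=$(mktemp)
ALLOW=$(mktemp)
trap 'rm -f "$DENY" "$ALLOW"' EXIT
cat >"$DENY" <<'EOF'
# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123
# added 203.0.113.7 on 08/23/05 01:31:10
# SCANNER
203.0.113.7
EOF
cat >"$ALLOW" <<'EOF'
# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123
EOF

# rule_entries FILE -> the active entries only: comments and blank lines
# dropped, surrounding whitespace trimmed
rule_entries() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# host_listed FILE HOST -> true if HOST is an exact entry in FILE
host_listed() {
    rule_entries "$1" | grep -Fxq -- "$2"
}

# apf_host_status DENY_FILE ALLOW_FILE HOST -> denied | allowed | conflict | none
# "conflict" means the host is in both files, the state the section above
# tells you to avoid by removing the deny entry first.
apf_host_status() {
    d=0; a=0
    host_listed "$1" "$3" && d=1
    host_listed "$2" "$3" && a=1
    case "$d$a" in
        10) echo denied ;;
        01) echo allowed ;;
        11) echo conflict ;;
        *)  echo none ;;
    esac
}

# remove_host_rule FILE HOST -> delete HOST's entry line from FILE (the manual
# "find the line and remove it" step; run apf -r afterwards to apply it).
# The "# added ..." comment lines above the entry are left in place.
remove_host_rule() {
    tmp=$(mktemp)
    grep -Fxv -- "$2" "$1" >"$tmp" || :   # grep exits 1 if nothing is left
    cat "$tmp" >"$1"                     # rewrite in place, keeping permissions
    rm -f "$tmp"
}

echo "185.14.157.123 is: $(apf_host_status "$DENY" "$ALLOW" 185.14.157.123)"   # conflict
remove_host_rule "$DENY" 185.14.157.123
echo "after removing its deny entry: $(apf_host_status "$DENY" "$ALLOW" 185.14.157.123)"   # allowed
echo "203.0.113.7 is: $(apf_host_status "$DENY" "$ALLOW" 203.0.113.7)"   # denied
```

On a real server, point DENY and ALLOW at /etc/apf/deny_hosts.rules and /etc/apf/allow_hosts.rules and remember that nothing changes in the running firewall until apf -r.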

Common APF commands

   apf -s                          # start the APF firewall
   apf -r                          # restart APF (reload the rule set)
   apf -f                          # flush the APF firewall rules
   apf -l                          # list the loaded rules, similar to iptables -nL
   apf -st                         # APF statistics, mainly the allow (white) and deny (black) lists
   apf -a IP|CIDR|FQDN "comment"   # add a host or range to the allow list (whitelist)
   apf -d IP|CIDR|FQDN "comment"   # add a host or range to the deny list (blacklist)
   apf -u IP|CIDR|FQDN             # remove a host or range from the allow and deny lists


Related entries

iptables, DDoS-Deflate