What firewall to use?

[erick_paper]

Hi. For the longest time I had only iptables and dos_deflate. Then I had some server attacks and my hosting company (managed dedicated) installed APF. The attacks are now gone and server is running okay, but many people are saying that they cannot access my website at all.

So I did an "apf -l" to see what rules are getting DROPped. It has several IP ranges, which I have not entered! My hosting company tells me these are default apf rules. How can I disable them, is it advisable to disable them?

What do people on these forums use? I tried "CSF" but that too was making the server very slow and taking too many resources, so I made it go away.

Much appreciate any tips and advice. Thanks!

[Infopro]

Might want to 'make it come back' that's a really good firewall, IMHO.

[erick_paper]

Great thanks. But it has default rules that are blocking my users. How can I disable "default rules" in apf?

[david510]

The default rules in the apf are fine. It will not block any legitimate IP ranges. If your customers have issue with viewing the site, ask them for the IP and unblock them in the firewall.

[Infopro]

Great thanks. But it has default rules that are blocking my users. How can I disable "default rules" in apf?

CSF does take a bit of getting used to and some tweaking to get it setup correctly for your specific server. The docs are fine, the forums over at ConfigServer Scripts Forum - Powered by vBulletin have many answered questions and pinned topics to assist as well.

As chirpy himself might say, RTFM. And I mean that in the nicest way.
He's got a great product and gone out of his way to spell out how to solve issues and make changes as needed. You only need to go read up on things a bit more over there and I'm sure you'll be able to solve your problems on your own in no time.

If someone is getting blocked with a default CSF setup, they're most likely doing something incorrectly and need your help to solve it. You'll do that by reading the emails sent from CSF telling you what happened.

With that Info you can make adjustments to your setup via the nice GUI he's made for us all in your WHM.

GL

[d_t]

My vote for CSF. It's a great firewall and more than that. It's easy to install and customize, but the configuration interface is a little bit spartan. It may (temporarely) block legitimate IPs if users do strange things (ex. try to log in with wrong password several times). But this is good

[KrystalS]

The default rules in the apf are fine. It will not block any legitimate IP ranges. If your customers have issue with viewing the site, ask them for the IP and unblock them in the firewall.

The latest version of APF does actually block some legitimate IP ranges, I can't remember what they are off by hand by maybe 172.* 173.* and some in the 90 range too I think.

you can remove these in one of the config files inside the apf folder

[KrystalS]

or another fix :

edit conf.apf and change:

RD_URL="r-fx.ca/downloads/reserved.networks" # reserved.networks url

to:

RD_URL="www.cymru.com/Documents/bogon-bn-nonagg.txt" # reserved.networks url

[DomineauX]

The valid networks being blocked are bogon networks and the apf list isn't up to date.

I replace:
RD_URL="r-fx.ca/downloads/reserved.networks"

in /etc/apf/conf.apf with the following:

RD_URL="www.cymru.com/Documents/bogon-bn-nonagg.txt"

[DomineauX]

Hah KrstalS you beat me to it!