APF firewall - slight problem...

Discussion in 'General Discussion' started by jez9999, Apr 30, 2006.

  1. jez9999

    jez9999 Well-Known Member

    Jun 10, 2005
    OK, I've installed APF firewall and now the correct iptables modules seem to have been installed for it. When I run apf --start, it's setting up iptables correctly... except for one thing.

    iptables -L is telling me that the default policy for the INPUT, FORWARD and OUTPUT chains is 'ACCEPT'. Now, I'm no iptables expert, but that seems pretty useless for a firewall to me. Doesn't that mean that any port I don't explicitly ban will be allowed, i.e. a blacklisting policy?

    My ability to connect to port 2095 on my server, a port I hadn't put in the common ingress ports list in the APF config file, would seem to confirm this assumption.

    I want a whitelist-based firewall. Is there a way to get APF to do this? Preferably not having to manually access iptables myself? (I thought the point of APF was to hide the complexity of iptables from you!)
  2. xerophyte

    xerophyte Well-Known Member

    Mar 16, 2003
    We use shorewall :), but I have noticed that it looks like it has another rule which blocks the traffic on all the ports other than those on the allowed list.

    But we don't use match; shorewall is a really mature iptables firewall.
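Added example, not part of the thread and not APF's or shorewall's own code: the two posts turn on the difference between a chain's default policy and a final catch-all rule, so this Python script reads `iptables -S` style output and reports what happens to a packet that matches no specific rule. The sample ruleset is constructed, and only rules with no match conditions at all are treated as catch-alls.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rules(text):
    """Split `iptables -S` output into {chain: policy} and {chain: [rule args]}."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if len(tok) >= 3 and tok[0] == "-P":      # built-in chain policy
            policies[tok[1]] = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A":    # appended rule, kept in order
            chains.setdefault(tok[1], []).append(tok[2:])
    return policies, chains

def catch_all_verdict(chains, chain, seen=frozenset()):
    """Verdict of the first rule in `chain` that matches every packet, else None."""
    if chain in seen:                             # guard against jump loops
        return None
    for args in chains.get(chain, []):
        if len(args) < 2 or args[0] != "-j":      # has match conditions: not catch-all
            continue
        target = args[1]
        if target in TERMINAL:
            return target
        if target == "RETURN":                    # hands control back to the caller
            return None
        verdict = catch_all_verdict(chains, target, seen | {chain})
        if verdict:                               # user chain ended in a verdict
            return verdict
    return None

def effective_default(text, chain="INPUT"):
    """What happens to a packet that matches none of the specific rules."""
    policies, chains = parse_rules(text)
    return catch_all_verdict(chains, chain) or policies.get(chain, "UNKNOWN")

# Constructed sample in `iptables -S` format (not output from a real APF install).
SAMPLE = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
"""

if __name__ == "__main__":
    print({c: effective_default(SAMPLE, c) for c in ("INPUT", "FORWARD", "OUTPUT")})
```

On a live host, pass it the text printed by `iptables -S`; a result of ACCEPT for INPUT means ports that are not listed stay reachable, while DROP or REJECT means the chain behaves as a whitelist even though its policy reads ACCEPT.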
