The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

APF firewall - slight problem...

Discussion in 'General Discussion' started by jez9999, Apr 30, 2006.

  1. jez9999

    jez9999 Well-Known Member

    Joined:
    Jun 10, 2005
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    OK, I've installed APF firewall and now the correct iptables modules seem to have been installed for it. When I run apf --start, it's setting up iptables correctly... except for one thing.

    iptables -L is telling me that the default policy for the INPUT, FORWARD and OUTPUT chains is 'ACCEPT'. Now, I'm no iptables expert, but that seems pretty useless for a firewall to me. Doesn't that mean that any port I don't explicitly ban will be allowed, ie. a blacklisting policy?

    My ability to connect to port 2095 on my server, a port I hadn't put in the common ingress ports list in the APF config file, would seem to confirm this assumption.

    I want a whitelist-based firewall. Is there a way to get APF to do this? Preferably not having to manually access iptables myself? (I thought the point of APF was to hide the complexity of iptables from you!)
     
  2. xerophyte

    xerophyte Well-Known Member

    Joined:
    Mar 16, 2003
    Messages:
    216
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Canada
    we use shorewall :) www.shorewall.net, but i have notice that, looks like it has another rule which blockd the traffic on all the ports other than on the allowed list.

    But but we don't use match, shorewall is really matured iptable firewall.
     
Loading...

Share This Page