The Community Forums


apf firewall

Discussion in 'General Discussion' started by VipGeek, Jun 30, 2007.

  1. VipGeek

    VipGeek Member

    I love apf firewall. I just installed it the default way, nothing in crontab or anything. I have two issues with it.
    1. When I stop it, sometime during the day it restarts.
    2. The main reason I'm stopping it is because it automatically blocks IP addresses. How do I stop it from automatically blocking IPs or change the rules etc.?

    Thanks
     
  2. hostmedic

    hostmedic Well-Known Member

    apf how-to docs

    in shell go into the apf directory: cd /etc/apf

    APF commands:
    usage ./apf [OPTION]
    -s|--start ......................... load firewall policies
    -r|--restart ....................... flush & load firewall
    -f|--flush|--stop .................. flush firewall
    -l|--list .......................... list chain rules
    -st|--status ....................... firewall status
    -a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and
    immediately load new rule into firewall
    -d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and
    immediately load new rule into firewall

    Allowing IPs with APF Firewall (Unblocking)

    I know I know, you added an IP now you need it removed right away! You need to manually remove IPs that are blocked from deny_hosts.rules.
    A)
    pico /etc/apf/deny_hosts.rules

    Find where the IP is listed and remove the line that has the IP.
    After this is done save the file and reload apf to make the new changes active.

    /etc/apf/apf -r

    B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules

    /etc/apf/apf -a IPHERE COMMENTHERENOSPACES
    > The -a flag means ALLOW the IP address
    > IPHERE is the IP address you wish to allow
    > COMMENTHERENOSPACES is obvious, add comments to why the IP is being removed
    These rules are loaded right away into the firewall, so they're instantly active.
    Example:

    ./apf -a 185.14.157.123 UNBLOCKING

    pico /etc/apf/allow_hosts.rules

    # added 185.14.157.123 on 08/23/05 01:39:43
    # UNBLOCKING
    185.14.157.123
    Denying IPs with APF Firewall (Blocking)

    Now that you have your shiny new firewall you probably want to block a host right, of course you do! With this new version APF now supports comments as well. There are a few ways you can block an IP, I'll show you 2 of the easier methods.

    A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
    > The -d flag means DENY the IP address
    > IPHERE is the IP address you wish to block
    > COMMENTHERENOSPACES is obvious, add comments to why the IP is being blocked
    These rules are loaded right away into the firewall, so they're instantly active.
    Example:

    ./apf -d 185.14.157.123 TESTING

    pico /etc/apf/deny_hosts.rules

    Shows the following:

    # added 185.14.157.123 on 08/23/05 01:25:55
    # TESTING
    185.14.157.123

    B) pico /etc/apf/deny_hosts.rules

    You can then just add a new line and enter the IP you wish to block. Before this becomes active though you'll need to reload the APF ruleset.

    /etc/apf/apf -r
    Special thanks goes to WebHostGear.com for this how to and the experts I borrowed to put up here...

    I found the WebHostGear.com how to on apf by going to google and typing

    apf how to

    http://www.google.com/search?client...annel=s&hl=en&q=apf+how+to&btnG=Google+Search

    First Result : http://www.webhostgear.com/61.html


    Welcome to the community- hope we can all help you - and even one day you help us :)
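    The manual unblock in step A above (find the IP in deny_hosts.rules, delete its line, reload) is easy to get wrong by hand, because a loose search for 185.14.157.1 also matches 185.14.157.123. The shell function below is an added example, not code from the post or from APF itself: it removes exactly one IP from a deny_hosts.rules file in the layout shown above (the "# added ... on ..." and "# COMMENT" header that apf -d writes, then the IP), leaves every other entry and the file's own header intact, and then runs the reload. The file path and reload command are parameters only so it can be tried on a constructed copy; the defaults are the paths from the post.

```shell
#!/bin/sh
# Added example, not code from the original post or from APF itself.
# Removes one IP from an APF deny_hosts.rules file, together with the
# "# added <ip> on <date>" / "# <comment>" header that "apf -d" writes
# above it, then reloads APF so the change is live in iptables.
# Usage: apf_unblock IP [RULES_FILE] [RELOAD_COMMAND]
# The file path and reload command are parameters only so the function can
# be tried against a constructed file; the defaults are the paths from the post.
apf_unblock() {
    ip="$1"
    rules="${2:-/etc/apf/deny_hosts.rules}"
    reload="${3:-/etc/apf/apf -r}"

    # Match the IP as a whole line (-x) and literally (-F). A plain
    # "grep 185.14.157.1" would also match 185.14.157.123, i.e. the wrong host.
    if ! grep -qxF "$ip" "$rules"; then
        echo "apf_unblock: $ip is not listed in $rules" >&2
        return 1
    fi

    # Comment lines are buffered until we know what follows them. When the
    # matching IP line arrives, drop its own "# added <ip> on" header and the
    # comment under it; any other line flushes the buffer untouched, so the
    # file's general header comment and the other entries are preserved.
    tmp="$rules.tmp.$$"
    awk -v ip="$ip" '
        /^#/ { buf[n++] = $0; next }
        $0 == ip {
            keep = n
            for (i = n - 1; i >= 0; i--)
                if (index(buf[i], "# added " ip " on ") == 1) { keep = i; break }
            for (i = 0; i < keep; i++) print buf[i]
            n = 0; next
        }
        { for (i = 0; i < n; i++) print buf[i]; n = 0; print }
        END { for (i = 0; i < n; i++) print buf[i] }
    ' "$rules" > "$tmp" && mv "$tmp" "$rules"

    # Reload APF (left unquoted on purpose so "/etc/apf/apf -r" splits into
    # command and flag), as the post says, to make the removal active.
    $reload
}
```

    On a live box this is simply `apf_unblock 185.14.157.123`; the exact-line grep is the part worth copying even if you keep editing the file in pico.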
     
  3. VipGeek

    VipGeek Member

    I know how to add, remove, stop and start already. But it's AUTO blocking if someone connects in too many times.
     
  4. fikse

    fikse Well-Known Member

    Did you install the BFD script as well? Brute force detection?
     
  5. rpmws

    rpmws Well-Known Member

    My suggestion is to remove APF and install chirpy's CSF. It's much easier, does more and is really designed for cPanel.
     
  6. hostmedic

    hostmedic Well-Known Member

  7. rpmws

    rpmws Well-Known Member


    It sure will, and that's a good step in the right direction by itself, some might argue :)
     
  8. expedio

    expedio Active Member

    You need to be a bit careful with csf.

    If you accidentally run the command 'iptables -F' on the server to flush the firewall, it will lock your server out and it will need a hard reboot.
     