The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

firewall recommendation

Discussion in 'General Discussion' started by cyberspirit, Jul 12, 2003.

  1. cyberspirit

    cyberspirit BANNED

    Joined:
    Jun 27, 2003
    Messages:
    293
    Likes Received:
    0
    Trophy Points:
    0
    Does anyone have recommendations for a good firewall that will work with cpanel/whm 7 and is easy to administrate?
    I did read some posts on other forums about kissmyfirewall but perhaps some of you have real life experience and can point me in the right direction.

    thanks!

    cPanel.net Support Ticket Number:
     
  2. kcdworks

    kcdworks Well-Known Member

    Joined:
    Jul 28, 2002
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
  3. MikeMc

    MikeMc Well-Known Member

    Joined:
    May 8, 2002
    Messages:
    161
    Likes Received:
    0
    Trophy Points:
    16
    I believe that APF need iptables to be modular (I think it's said that way) and not static, which isn't really a fact for all the servers. So it might not work unless you recompile your kernel :(

    cPanel.net Support Ticket Number:
     
  4. mmkassem

    mmkassem Well-Known Member

    Joined:
    Oct 21, 2002
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Egypt
    NO it should work without the need to recompile your kernel.

    The default kernel settings works.

    cPanel.net Support Ticket Number:
     
  5. MikeMc

    MikeMc Well-Known Member

    Joined:
    May 8, 2002
    Messages:
    161
    Likes Received:
    0
    Trophy Points:
    16
    Well I don't know the default kernel settings, but I know that APF didn't load on 2 of my servers. 2 different dedicated providers have answered me with what I said in my previous post. If you're right, then some providers should drop their jobs and I should recheck my apf installation, which I'm sure that I did and configured well.

    cPanel.net Support Ticket Number:
     
  6. mmkassem

    mmkassem Well-Known Member

    Joined:
    Oct 21, 2002
    Messages:
    390
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Egypt
    Is this RedHat ?

    cPanel.net Support Ticket Number:
     
  7. FWC

    FWC Well-Known Member

    Joined:
    May 13, 2002
    Messages:
    354
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Ontario, Canada
    APF will work fine with the Redhat kernel or any kernel with fairly complete iptables support. Most firewalls won't work unless the kernel has decent iptables support.

    cPanel.net Support Ticket Number:
     
  8. MikeMc

    MikeMc Well-Known Member

    Joined:
    May 8, 2002
    Messages:
    161
    Likes Received:
    0
    Trophy Points:
    16
    Yes.
    7.3 & 8.0
    (if I remember well on apf start command I was getting an error like unable to load iptables_module , not a specific module which could mean that a special iptables module is missing, but just a general "not able to load iptables_module". Iptables works fine on both servers so iptables is there. I had not enabled any special APF functions like antidos, or snort(....something) so no special iptables modules were really necessary.).

    If anyone has any ideas. Thanks

    cPanel.net Support Ticket Number:
     
  9. perlchild

    perlchild Well-Known Member

    Joined:
    Sep 1, 2002
    Messages:
    279
    Likes Received:
    0
    Trophy Points:
    16
    You probably had some ipchains firewall loaded from a previous install, it happened to me before
    try to rmmod ipchains and load apf again

    I've used shorewall on a redhat machine with cpanel with no problems myself

    cPanel.net Support Ticket Number:
     
  10. zwc

    zwc Registered

    Joined:
    Aug 17, 2003
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    How Install the APF Firewall

    Any can help me about the steps for install the APF Firewall??

    Tks.
    ZWC

    cPanel.net Support Ticket Number:
     
  11. cyberspirit

    cyberspirit BANNED

    Joined:
    Jun 27, 2003
    Messages:
    293
    Likes Received:
    0
    Trophy Points:
    0
    I actually decided to run kiss my firewall because it is a script that is easy to administrate and uses iptables to configure the system. so far I have had good experience with it.

    cPanel.net Support Ticket Number:
     
  12. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
  13. racomnet

    racomnet BANNED

    Joined:
    Oct 6, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    0
    hello
    Have you try with this parameter ?

    # Support Monolithic kernel builds [no LKM's]. This mode of operation is
    # not really supported and you use at your own risk.
    MONOKERN="1"
     
  14. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    yes.
    apf apparently works fine , but on my apf history I had several clients
    reporting connection problems , ftp slow connectivity and similar

    When I started to use shorewall all works perfectly , I strongly reccomend it
     
  15. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    I've also suffered quite a few problems with clients using APF of late. That said, the newest version 0.9.6-2 appears at the moment to be more stable, 0.9.5 was not. Haven't played with shorewall (but will do now ;)).
     
  16. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Although some of our clients use APF and BFD, we do NOT use them with any of our own servers, for various technical reasons. If you need to use another firewall with you server, go with whatever provided by your NOC. The vast majority of NOCs provide different firewalls for thier clients.
     
  17. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    usually these solutions expensive ... for now I prefer to use shoreline (shorewall)
     
Loading...

Share This Page