thewebhosting

Well-Known Member
May 9, 2008
We have the APF firewall installed on our Linux servers. Are there any other better firewalls to run on RHEL? What about configserver?
 

shital

Member
May 28, 2007
Hello,

You can install the BFD firewall on the server.

BFD installation
============

wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

tar -xvzf bfd-current.tar.gz

cd bfd-0.9/

./install.sh

Configuration Steps
==============

vi /usr/local/bfd/conf.bfd

Find : ALERT_USR="0" CHANGE TO: ALERT_USR="1"

Find : EMAIL_USR="root" CHANGE TO: EMAIL_USR="[email protected]"

Prevent locking yourself out
=====================

vi /usr/local/bfd/ignore.hosts

Add your own trusted IPs, e.g. 192.168.8.1

BFD uses APF's CLI insert feature and as such will override any allow_hosts.rules entries users have in place. So be sure to add your trusted IP addresses to the ignore file to prevent locking yourself out.

To run the program
===============

/usr/local/sbin/bfd -s


Also you can install CSF (Config Server Firewall)

=========================================
Below is a description of how to install CSF (Config Server Firewall)

I. Installation
Installation is quite straightforward:

rm -fv csf.tgz
wget www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you would like to disable APF+BFD (which you will need to do if you have
them installed otherwise they will conflict horribly):

sh disable_apf_bfd.sh

That's it. You can then configure csf and lfd in WHM, or edit the files
directly in /etc/csf/*

csf is preconfigured to work on a cPanel server with all the standard cPanel
ports open. It also auto-configures your SSH port if it's non-standard on
installation.

You should ensure that the kernel logging daemon (klogd) is enabled. Typically, VPS
servers have this disabled and you should check /etc/init.d/syslog and make
sure that any klogd lines are not commented out. If you change the file,
remember to restart syslog.

II. Uninstallation
Removing csf and lfd is even more simple:

cd /etc/csf
sh uninstall.sh

Regards,
Shital
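
A pre-flight check for the BFD configuration and "Prevent locking yourself out" steps in the post above, as an added example that is not part of the original post or of BFD itself. It assumes conf.bfd uses the KEY="value" lines quoted in the post and that ignore.hosts holds one address per line; the function names and admin@example.com are placeholders.

```shell
#!/bin/sh
# Added example: pre-flight checks for the BFD configuration steps above.

# set_conf KEY VALUE FILE: rewrite the KEY="..." line, keeping file permissions.
set_conf() {
    grep -q "^$1=" "$3" || { echo "no $1 line in $3" >&2; return 1; }
    sed "s|^$1=.*|$1=\"$2\"|" "$3" > "$3.tmp" && cat "$3.tmp" > "$3" && rm -f "$3.tmp"
}

# ensure_ignored IP FILE: append IP unless an identical line already exists.
# Assumption: ignore.hosts holds one address per line.
ensure_ignored() {
    grep -qxF -- "$1" "$2" 2>/dev/null || printf '%s\n' "$1" >> "$2"
}

# preflight CONF IGNORE IP: succeed only if alerts are on and IP is ignored.
# -x forces a whole-line match, so 192.168.8.10 does not satisfy 192.168.8.1.
preflight() {
    grep -q '^ALERT_USR="1"' "$1" || { echo "ALERT_USR is not 1" >&2; return 1; }
    grep -qxF -- "$3" "$2" || { echo "$3 missing from $2" >&2; return 1; }
}

# current_admin_ip: client address of this SSH session (empty if not over SSH).
current_admin_ip() { printf '%s\n' "${SSH_CLIENT%% *}"; }

# Demo on constructed files; on a server pass /usr/local/bfd/conf.bfd and
# /usr/local/bfd/ignore.hosts instead.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ALERT_USR="0"\nEMAIL_USR="root"\n' > "$d/conf.bfd"   # constructed sample
    : > "$d/ignore.hosts"
    set_conf ALERT_USR 1 "$d/conf.bfd"
    set_conf EMAIL_USR admin@example.com "$d/conf.bfd"            # placeholder address
    ensure_ignored 192.168.8.1 "$d/ignore.hosts"
    preflight "$d/conf.bfd" "$d/ignore.hosts" 192.168.8.1 && echo "ok to run bfd -s"
    rm -rf "$d"
}
demo
```

Running preflight with the output of current_admin_ip before /usr/local/sbin/bfd -s confirms that the address you are connected from is already in the ignore file.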