The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Installing APF Firewall

Discussion in 'General Discussion' started by billau, Jul 30, 2004.

  1. billau

    billau Well-Known Member

    Dec 24, 2003
    Likes Received:
    Trophy Points:
    Brisbane, Australia
    Follow these instructions to perform a new install of APF.

    1. Make /usr/src the current working directory.
    cd /usr/src

    2. Fetch the most curent verison of APF.

    3. Expand the APF tar.gz file.
    tar -xvzf apf-current.tar.gz

    4. Remove the tar.gz file.
    rm -f apf-current.tar.gz

    5. Locate the APF directory.
    ls -la

    Look for a directory named apf-#.#/ where #.# represents the version of APF being installed (APF version 0.8.7 would be in a directory apf-0.8.7/ and version 0.9 would be in a directory named apf-0.9).

    6. Make the APF directory the current working directory.
    cd apf-0.9

    Use the directory name you located in step 5.
    Note that the numbers will change as new versions are released.

    7. Run the APF install.
    sh ./

    8. Make /etc/apf the current working directory.
    cd /etc/apf

    9. Edit the conf.apf file as desired.
    pico -w conf.apf

    A very important part of this firewall you have to edit is the ports. These ports will allow services such as mail, ftp, and ssh come in and out of the server. If you have changed any ports, please modify them below and add/remove as needed.


    # Common TCP Ports
    TCP_CPORTS=" 21,22,25,26,53,80,110,143,443,2082,2083,2086,2087,
    2095,2096,19638" // please note that ports 2082 to port 2095 is mostly used by cpanel, and port 19638 is only use in ensim.

    # Common UDP Ports


    Note that you must set the DEVM parameter to "0" BUT only after full testing of the firewall. What DEVM does is that once you start APF with DEVM to 1, it will set a cron job to stop APF in 5 minutes so you don't end up locking yourself out.

    Turn on Anti-DOS, and the block list for added security.

    10. Start APF.
    ./apf -start
    service apf start

    Note: To stop or restart apf, use the "service apf restart/stop" commands.

    also more on APF @
    #1 billau, Jul 30, 2004
    Last edited: Jul 30, 2004
  2. Chew

    Chew Well-Known Member

    Dec 31, 2003
    Likes Received:
    Trophy Points:

Share This Page