What firewall to use?

Discussion in 'General Discussion' started by erick_paper, Sep 10, 2009.

  1. erick_paper

    erick_paper Well-Known Member

    Joined:
    Apr 19, 2005
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    16
    Hi. For the longest time I had only iptables and dos_deflate. Then I had some server attacks and my hosting company (managed dedicated) installed APF. The attacks are now gone and server is running okay, but many people are saying that they cannot access my website at all.

    So I did an "apf -l" to see what rules are getting DROPped. It has several IP ranges, which I have not entered! My hosting company tells me these are default apf rules. How can I disable them, is it advisable to disable them?

    What do people on these forums use? I tried "CSF" but that too was making the server very slow and taking too many resources, so I made it go away.

    Much appreciate any tips and advice. Thanks!
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Might want to 'make it come back' that's a really good firewall, IMHO.
     
  3. erick_paper

    erick_paper Well-Known Member

    Joined:
    Apr 19, 2005
    Messages:
    245
    Likes Received:
    0
    Trophy Points:
    16
    Great thanks. But it has default rules that are blocking my users. How can I disable "default rules" in apf?
     
  4. david510

    david510 Well-Known Member

    Joined:
    Aug 22, 2004
    Messages:
    473
    Likes Received:
    0
    Trophy Points:
    16
    The default rules in the apf are fine. It will not block any legitimate IP ranges. If your customers have an issue with viewing the site, ask them for the IP and unblock them in the firewall.
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,482
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    CSF does take a bit of getting used to and some tweaking to get it set up correctly for your specific server. The docs are fine, the forums over at ConfigServer Scripts Forum have many answered questions and pinned topics to assist as well.

    As chirpy himself might say, RTFM. And I mean that in the nicest way. :p
    He's got a great product and gone out of his way to spell out how to solve issues and make changes as needed. You only need to go read up on things a bit more over there and I'm sure you'll be able to solve your problems on your own in no time.

    If someone is getting blocked with a default CSF setup, they're most likely doing something incorrectly and need your help to solve it. You'll do that by reading the emails sent from CSF telling you what happened.

    With that info you can make adjustments to your setup via the nice GUI he's made for us all in your WHM. :)

    GL
     
    #5 Infopro, Sep 11, 2009
    Last edited: Sep 11, 2009
  6. d_t

    d_t Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    243
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Bucharest
    csf +1

    My vote for CSF. It's a great firewall and more than that. It's easy to install and customize, but the configuration interface is a little bit spartan. It may (temporarily) block legitimate IPs if users do strange things (ex. try to log in with wrong password several times). But this is good :)
     
  7. KrystalS

    KrystalS Active Member

    Joined:
    Mar 15, 2004
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    UK
    The latest version of APF does actually block some legitimate IP ranges. I can't remember what they are offhand, but maybe 172.* 173.* and some in the 90 range too, I think.

    You can remove these in one of the config files inside the apf folder.
     
  8. KrystalS

    KrystalS Active Member

    Joined:
    Mar 15, 2004
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    UK
    Or another fix:

    edit conf.apf and change:

    RD_URL="r-fx.ca/downloads/reserved.networks" # reserved.networks url

    to:

    RD_URL="www.cymru.com/Documents/bogon-bn-nonagg.txt" # reserved.networks url
     
  9. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    The valid networks being blocked are bogon networks and the apf list isn't up to date.

    I replace:
    RD_URL="r-fx.ca/downloads/reserved.networks"

    in /etc/apf/conf.apf with the following:

    RD_URL="www.cymru.com/Documents/bogon-bn-nonagg.txt"
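
The check these replies point to, as an added example that is not part of the thread or of APF: given the IP a blocked visitor reports, list which entries of a reserved-networks file cover it, and whether each is a fixed special-purpose range or an allocation-dependent entry that can go stale. The sample list and addresses are constructed, the one-CIDR-per-line layout is an assumption about the file, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in one-CIDR-per-line form; NOT the contents of either
# list named in the thread. 173.0.0.0/8 stands in for an out-of-date entry.
SAMPLE_LIST = """\
# constructed sample reserved-networks list
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
173.0.0.0/8
"""

def parse_networks(text):
    """Parse one CIDR per line, ignoring blank lines and '#' comments."""
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad entry {raw!r}") from exc
    return nets

def is_fixed_special_purpose(net):
    """True for ranges Python's ipaddress module classes as special-purpose
    (private, loopback, ...); other entries depend on allocation status."""
    return (net.is_private or net.is_loopback or net.is_link_local
            or net.is_multicast or net.is_reserved)

def matching_entries(ip, nets):
    """Return (cidr, fixed_special_purpose) for every list entry covering ip."""
    addr = ipaddress.ip_address(ip)
    return [(str(n), is_fixed_special_purpose(n))
            for n in nets if n.version == addr.version and addr in n]

def triage(reported_ips, nets):
    """Map each visitor-reported IP to the list entries that would drop it."""
    return {ip: matching_entries(ip, nets) for ip in reported_ips}

if __name__ == "__main__":
    nets = parse_networks(SAMPLE_LIST)
    # Constructed visitor addresses, as they might arrive in a support ticket.
    for ip, hits in triage(["173.10.20.30", "203.0.113.7", "192.168.1.5"], nets).items():
        for cidr, fixed in hits:
            kind = "special-purpose" if fixed else "allocation-dependent: check list age"
            print(f"{ip}: covered by {cidr} ({kind})")
        if not hits:
            print(f"{ip}: not in the reserved list; check other rules")
```

An address that matches only an allocation-dependent entry is the case the thread describes: the drop comes from the age of the list, not from anything the visitor did.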
     
  10. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    414
    Likes Received:
    4
    Trophy Points:
    18
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Hah KrystalS, you beat me to it!
     