Step10
Now scroll down and configure the ports. The lists below are, for example, the ports required for cPanel servers. This may not be exactly what you need, but you can change the lists to what you do need.
Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53,6277"
Common ICMP (inbound) types
IG_ICMP_TYPES="3,5,11,0,30,8"
Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43,873,953,2089,2703,3306"
Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,873,953,6277"
Common ICMP (outbound) types
EG_ICMP_TYPES="all"
Save the changes, then exit. To restart APF, type: /usr/local/sbin/apf -s
Step11
Open a new SSH session to the server.
After you are sure everything is working fine, change the DEVM option.
At command prompt type: cd /etc/apf
At command prompt type: pico -w conf.apf
Scroll down and find:
DEVM="1"
Change it to:
DEVM="0"
Save the changes, exit, and then restart the firewall.
At command prompt type: /usr/local/sbin/apf -r
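A pre-restart check for the port lists in Step 10 and the DEVM change in Step 11, as an added example that is not part of the original tutorial or of APF. It assumes every list entry is a single port or a lo_hi range (the form 3000_3500 uses); the function names and the sample file are made up for the illustration. Run on the values listed above, it flags the #123 entry in EG_TCP_CPORTS and the DEVM="1" setting.

```shell
# Added example (not from APF): lint port lists and DEVM in an APF-style config.
# Assumption: each list entry is one port (1-65535) or a lo_hi range.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac   # digits only
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print each entry of a comma-separated list that is not a port or lo_hi range.
bad_ports() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r tok; do
        case $tok in
            *_*) lo=${tok%%_*} hi=${tok#*_}
                 { valid_port "$lo" && valid_port "$hi" && [ "$lo" -lt "$hi" ]; } ||
                     printf '%s\n' "$tok" ;;
            *)   valid_port "$tok" || printf '%s\n' "$tok" ;;
        esac
    done
}

# Values are pulled out with sed; the file is never sourced, so nothing in it runs.
lint_apf_conf() {
    for var in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        val=$(sed -n "s/^$var=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1)
        [ -n "$val" ] || continue
        bad_ports "$val" | while IFS= read -r bad; do
            printf "%s: invalid entry '%s'\n" "$var" "$bad"
        done
    done
    if grep -q '^DEVM="1"' "$1"; then
        echo 'DEVM: still "1", set it to "0" once the rules are confirmed'
    fi
}

# Constructed sample input: the lists from Step 10 plus DEVM="1".
sample_conf() {
    cat <<'EOF'
DEVM="1"
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
IG_UDP_CPORTS="53,6277"
EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43,873,953,2089,2703,3306"
EG_UDP_CPORTS="20,21,53,873,953,6277"
EOF
}

demo=$(mktemp) && sample_conf > "$demo" && lint_apf_conf "$demo"
rm -f "$demo"
```

To check the live file, call lint_apf_conf /etc/apf/conf.apf before restarting the firewall.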
Comments
ashiflett said on 12/4/2007:
excellent!