Install APF (Advanced Firewall Policy)
APF also works with iptables, so you must make sure iptables is installed.
You can check the status of iptables with the command:
service iptables status
and install it with the command:
yum install iptables* -y
Now you can download and install APF:
wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-9*
./install.sh
Open the configuration file for editing:
nano -w /etc/apf/conf.apf
All the options are well commented. You can either leave them at their default values or make them more stringent. Optimally you should change:
– RAB="0" to RAB="1"
– RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3"
– DLIST_PHP="0" to DLIST_PHP="1"
– DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1"
– DLIST_DSHIELD="0" to DLIST_DSHIELD="1"
In HELPER_SSH_PORT="22" you must change the port number if you changed it in the sshd_config file.
A similar change has to be made in IG_TCP_CPORTS="22".
Change the testing flag DEVEL_MODE="1" to DEVEL_MODE="0".
Restart the APF firewall:
/usr/local/sbin/apf -r
and enable it to start when the server boots:
chkconfig --add apf
chkconfig --level 345 apf on
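
If the SSH port in conf.apf does not match sshd_config when DEVEL_MODE is set to "0", restarting APF can lock you out of SSH. The check below is an added example, not part of the original page or of APF; the function names (apf_get, sshd_port, port_in_list, apf_preflight) are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run before "apf -r" with DEVEL_MODE="0".

# Print the value of KEY="value" from an APF-style config file.
apf_get() {  # usage: apf_get KEY FILE
    sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print the port sshd listens on (22 when no Port directive is set).
sshd_port() {  # usage: sshd_port SSHD_CONFIG
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# Succeed if PORT is in a comma-separated list of ports; low_high entries are
# treated as ranges (assumed APF range notation).
port_in_list() {  # usage: port_in_list PORT LIST
    for item in $(echo "$2" | tr ',' ' '); do
        case "$item" in
            *_*) [ "$1" -ge "${item%_*}" ] && [ "$1" -le "${item#*_}" ] && return 0 ;;
            *)   [ "$1" = "$item" ] && return 0 ;;
        esac
    done
    return 1
}

# Print each finding and return the number of findings (0 = safe to restart).
apf_preflight() {  # usage: apf_preflight CONF_APF SSHD_CONFIG
    conf=$1; port=$(sshd_port "$2"); bad=0
    [ "$(apf_get HELPER_SSH_PORT "$conf")" = "$port" ] ||
        { echo "HELPER_SSH_PORT does not match sshd port $port"; bad=$((bad + 1)); }
    port_in_list "$port" "$(apf_get IG_TCP_CPORTS "$conf")" ||
        { echo "IG_TCP_CPORTS does not allow sshd port $port"; bad=$((bad + 1)); }
    [ "$(apf_get DEVEL_MODE "$conf")" = "0" ] ||
        { echo "DEVEL_MODE is not 0"; bad=$((bad + 1)); }
    for key in RAB DLIST_PHP DLIST_SPAMHAUS DLIST_DSHIELD; do
        [ "$(apf_get "$key" "$conf")" = "1" ] ||
            { echo "$key is not 1"; bad=$((bad + 1)); }
    done
    return "$bad"
}

# Constructed sample: sshd moved to port 2222 but conf.apf left at its defaults.
demo_dir=$(mktemp -d)
printf 'Port 2222\n' > "$demo_dir/sshd_config"
printf '%s\n' 'DEVEL_MODE="1"' 'IG_TCP_CPORTS="22"' 'HELPER_SSH_PORT="22"' \
    'RAB="0"' 'DLIST_PHP="0"' 'DLIST_SPAMHAUS="0"' 'DLIST_DSHIELD="0"' \
    > "$demo_dir/conf.apf"
apf_preflight "$demo_dir/conf.apf" "$demo_dir/sshd_config" || echo "findings: $?"
```

On a real server, call apf_preflight /etc/apf/conf.apf with the path to your sshd_config and restart APF only when it prints nothing.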