[How-To] APF Firewall and DDOS Deflate
Author Message
prale Offline
Junior Member
*

Posts: 92
Joined: Feb 2008
Reputation: 1
Post: #1
[How-To] APF Firewall and DDOS Deflate
Install APF:

Quote:What is APF?
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.

APF is one of the best firewalls out there and is an important component in your server security. Every server should have a firewall installed!

How to install APF

Download the package and extract the files
wget http://www.r-fx.ca/downloads/apf-current.tar.gz
gzip -d apf-current.tar.gz
tar -xf apf-current.tar
cd apf-0.9.6-3/

Do the actual install
./install.sh

You will get something like

Installing APF 0.9.6-3: Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

If you get a failure about the creation of /etc/init.d/apf, you can add the following string to the bottom of the /etc/rc.local file:

sh -c "/etc/apf/apf -s" &


You have to configure the firewall now
vi /etc/apf/conf.apf

I will only show you the basic configuration. APF is a very powerful firewall and you should read every setting carefully.
We will limit inbound access ports. Locate in the /etc/apf/conf.apf the section “IG_TCP_CPORTS” and use the following lines:

# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,587,783,993,995,2812,9876,10024,12525,60000"

# Common inbound (ingress) UDP ports
IG_UDP_CPORTS="20,21,53"

NOTE! This is what I use for most servers and should also work well with your server but I provide no guarantee! If you have a custom ssh port or you run a server on a different port you should add that to IG_TCP_CPORTS or to IG_UDP_CPORTS.

Now it’s time to test the configuration. Do an apf restart:
/etc/apf/apf -r


Now test to see if everything is ok and that you can access all your services just fine.
If everything is ok proceed to the next step. If for some reason you get locked out, just wait about 5 minutes, as the firewall is set in test mode and will flush itself out after that period.
Go back and check all the settings and then restart apf again.

Finalize the install
If everything is ok after the initial tests you have to set APF into “production” mode.
Edit /etc/apf/conf.apf and change DEVEL_MODE="1" to DEVEL_MODE="0"
Go ahead and restart apf one last time:

/etc/apf/apf -r

For more information about apf configuration please feel free to consult http://rfxnetworks.com/appdocs/README.apf
Please note that APF has a very nice log that you can check. For example, you can tail the last 10 rows of this file:

tail -10 /var/log/apf_log

If you want to deny IP 1.2.3.4 you have to run the command:

apf -d 1.2.3.4 REASON

Unbanning an IP can be done by running:

apf -u 1.2.3.4

Also banning and unbanning can be done by editing the file /etc/apf/deny_hosts.rules

vi /etc/apf/deny_hosts.rules

After you do any changes don’t forget to restart APF

/etc/apf/apf -r


DDOS Deflate:
Quote:What is DOS-Deflate?

(D)DoS Deflate is a shell script developed by Zaf, originally for use on MediaLayer servers to assist in combating denial of service attacks. However, it was seen to be very effective for our purpose, and therefore was released as a contribution to the web hosting community. (D)DoS Deflate is now used by not only many web hosts, but by many people who run their own servers looking for additional security in dealing with such attacks.

How to install

Installing DOS-Deflate is one of the simplest out there.

Login to your server as root
Download the install script
wget http://www.inetbase.com/scripts/ddos/install.sh

Run the installer
sh install.sh

DOS-Deflate should now be installed.

Please note that DOS-Deflate uses APF to ban IPs so you must have it installed for DOS-Deflate to work properly.

Customizing DOS-Deflate is very easy. You have to edit /usr/local/ddos/ddos.conf with your favorite editor, for example:

vi /usr/local/ddos/ddos.conf

Every setting is explained in the configuration file so I will not go over them as the explanations are quite easy to follow.
(This post was last modified: 11-25-2008 03:10 AM by BeNe.)
05-27-2008 08:09 AM
prale Offline
Junior Member
*

Posts: 92
Joined: Feb 2008
Reputation: 1
Post: #2
RE: [HOW-TO] APF Firewall and DDOS Deflate
Actually while the above configuration works for me I think some ports in my config still don't need to be open to the world (like ISPCP daemon etc).

What is the best config for a basic ISPCP install to work properly?

# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="21,22,53,80,110,143,443,587,783,993,995,2812,9876,10024,12525,60000"

# Common inbound (ingress) UDP ports
IG_UDP_CPORTS="20,21,53"
(This post was last modified: 06-30-2008 09:12 AM by prale.)
05-27-2008 08:17 AM
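Added example, not part of any post in this thread: a small shell audit for the question raised in post #2, comparing the ports APF lets in (IG_TCP_CPORTS) with the ports that actually have a non-loopback listener. The ss capture is constructed sample data, the function names are hypothetical, and only plain port numbers in the list are handled.

```shell
#!/bin/sh
# Added example (not from the thread): audit APF's ingress list against real listeners.

# Read a conf.apf on stdin; print the numeric ports of list variable $1, one per line.
apf_ports() {
    sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" | tail -n 1 | tr ',' '\n' |
        grep -E '^[0-9]+$' | sort -un
}

# Read `ss -Htln` output on stdin; print ports listening on non-loopback addresses.
public_listeners() {
    awk '$4 !~ /^(127\.|\[::1\])/ { n = split($4, a, ":"); print a[n] }' |
        grep -E '^[0-9]+$' | sort -un
}

# Print the ports of list $1 that do not occur in list $2.
only_in_first() {
    for p in $1; do
        case " $(echo $2) " in *" $p "*) ;; *) echo "$p" ;; esac
    done
}

# Constructed sample input: the IG_TCP_CPORTS line quoted in post #2 and an
# invented `ss -Htln` capture (not taken from a real host).
SAMPLE_CONF='IG_TCP_CPORTS="21,22,53,80,110,143,443,587,783,993,995,2812,9876,10024,12525,60000"'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:587 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 10 192.0.2.10:53 0.0.0.0:*
LISTEN 0 100 0.0.0.0:110 0.0.0.0:*
LISTEN 0 100 0.0.0.0:143 0.0.0.0:*
LISTEN 0 100 0.0.0.0:993 0.0.0.0:*
LISTEN 0 100 0.0.0.0:995 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 100 127.0.0.1:10024 0.0.0.0:*
LISTEN 0 5 127.0.0.1:9876 0.0.0.0:*'

audit() {
    allowed=$(printf '%s\n' "$SAMPLE_CONF" | apf_ports IG_TCP_CPORTS)
    listening=$(printf '%s\n' "$SAMPLE_SS" | public_listeners)
    echo "allowed, no public listener:" $(only_in_first "$allowed" "$listening")
    echo "public listener, not allowed:" $(only_in_first "$listening" "$allowed")
}
audit
```

On a live host, feed the functions /etc/apf/conf.apf and the output of `ss -Htln` instead of the samples. Ports on the first output line are candidates to drop from IG_TCP_CPORTS; ports on the second are services the firewall will cut off.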
victor531 Offline
Junior Member
*

Posts: 167
Joined: Oct 2007
Reputation: 3
Post: #3
RE: [HOW-TO] APF Firewall and DDOS Deflate
A question about this

I'm using shorewall, denyhosts and fail2ban (debian 4.0+ispcpRC4), my question is
Is APF better or worse than this team?
05-28-2008 11:53 AM
skopy Offline
Junior Member
*

Posts: 11
Joined: Nov 2009
Reputation: 0
Post: #4
RE: [How-To] APF Firewall and DDOS Deflate
hi

did anyone manage to set fail2ban with apf?

i tried

Quote:actionban = apf -d <ip>

but it gives me 7f00 error in fail2ban.log

Quote:fail2ban.actions.action: ERROR apf -d x.x.x.x returned 7f00


thanks

skopy
(This post was last modified: 12-11-2009 08:59 PM by skopy.)
12-11-2009 08:15 PM
skopy Offline
Junior Member
*

Posts: 11
Joined: Nov 2009
Reputation: 0
Post: #5
RE: [How-To] APF Firewall and DDOS Deflate
ok

figured it out...

right ban command is

Code:
actionban = /etc/apf/apf -d <ip>
(This post was last modified: 12-15-2009 12:16 AM by skopy.)
12-15-2009 12:16 AM
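Added example, not part of any post in this thread: a shell reproduction of the "returned 7f00" value from post #4. Read as a hex wait status, 7f00 carries exit code 127 ("command not found") in its high byte, which fits the absolute-path fix in post #5. The stub apf script, the function names and the restricted PATH are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce fail2ban's "returned 7f00".

# Exit code carried in a hex wait status as logged: the high byte.
exit_code_from_status() {
    echo $(( 0x$1 >> 8 ))
}

# Create a stand-in "apf" that always succeeds; print the directory holding it.
make_stub() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\nexit 0\n' > "$dir/apf" && chmod +x "$dir/apf"
    echo "$dir"
}

# Run command line $2 with PATH set to $1 and print the status the way the
# log shows it (exit code shifted into the high byte, in hex).
logged_status() {
    rc=0
    ( PATH=$1; export PATH; exec /bin/sh -c "$2" ) >/dev/null 2>&1 || rc=$?
    printf '%x\n' $(( $rc << 8 ))
}

stub=$(make_stub)
# Assumption: the daemon's PATH does not contain the directory apf lives in.
echo "bare name:     $(logged_status /nonexistent 'apf -d 192.0.2.1')"        # 7f00
echo "absolute path: $(logged_status /nonexistent "$stub/apf -d 192.0.2.1")"  # 0
echo "7f00 -> exit code $(exit_code_from_status 7f00)"
rm -rf "$stub"
```

The same reasoning applies to an unban action built on the `apf -u` form shown in post #1: give it the absolute path as well.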
mafia Offline
Banned

Posts: 170
Joined: May 2008
Post: #6
RE: [How-To] APF Firewall and DDOS Deflate
hello

c is the tutorial for debian thank you
12-15-2009 02:38 AM
Nuxwin
Unregistered

 
Post: #7
RE: [How-To] APF Firewall and DDOS Deflate
(12-15-2009 02:38 AM)mafia Wrote:  hello

c is the tutorial for debian thank you

Translation in human readable: It is a howto for Debian. Thank you.

Mafia;

Thank you for writing your messages in a language that is correct and understandable for all. Here, in addition to the spelling errors, you mix French and English.

Please use Google translator.
12-15-2009 03:54 AM
kilburn Offline
Development Team
*****
Dev Team

Posts: 2,182
Joined: Feb 2007
Reputation: 34
Post: #8
RE: [How-To] APF Firewall and DDOS Deflate
Just a comment: ispcp sets up some iptables rules to count the global server traffic usage, so installing apf may interfere with this functionality. Can someone confirm if this is the case? Thanks.
12-15-2009 05:53 PM
skopy Offline
Junior Member
*

Posts: 11
Joined: Nov 2009
Reputation: 0
Post: #9
RE: [How-To] APF Firewall and DDOS Deflate
(12-15-2009 05:53 PM)kilburn Wrote:  Just a comment: ispcp sets up some iptables rules to count the global server traffic usage, so installing apf may interfere with this functionality. Can someone confirm if this is the case? Thanks.

damn.... stats don't work.....

anyone have an idea how to set it up?
12-15-2009 10:53 PM
skopy Offline
Junior Member
*

Posts: 11
Joined: Nov 2009
Reputation: 0
Post: #10
RE: [How-To] APF Firewall and DDOS Deflate
since no idea how to set it up how to reload ispcp iptables rules?
12-17-2009 10:15 PM