How to block/allow only certain ports in APF?

If you are using APF as your firewall you most-likely want to block certain ports on your server (or better - only allow traffic to/from the server on specific ports). To make the appropriate changes on your system you will need to SSH into your server and switch to the "root" user. The do the following:

Open your APF configuration file:

pico /etc/apf/conf.apf

Scroll down in the file to where it says something like:

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,11000"

and

Common egress (outbound) ports
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"

Depending on your version of APF the wording can look different, but overall you should be able to identify the appropriate sections. The settings shown above are just samples. Just modify the configuration on your server to meet your requirements. Make sure you do not kick yourself out. Warning: Leave the ports for SSH and possibly your control panel in the configuration file (as a bare minimum). If you do not know which ports to block or which port numbers to remove - DO NOT touch this file. Save the changes. Then restart APF. Test the port access on your server.