
Topic: Installing apf

  1. #1
    Vahid, Administrator

    Installing apf

    Tutorial on installing APF firewall (IP tables based) in Linux.
    When it comes to security, there is no such thing without a firewall. When you buy a new dedicated or VPS server, at least make sure you install a firewall to protect your server from various intrusion attacks. Within minutes you can have your firewall up and running. APF firewall is one of the popular and easy to set up iptables-based firewalls for Linux servers. It also has additional features like prevention of DoS attacks.

    Just follow the steps to setup and configure the firewall.
    CAUTION: Be careful when setting up the firewall about which ports to open and which not. If you aren't sure, you may lock yourself out.
    > wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
    > tar -zxf apf-current.tar.gz
    Now run the install shell script. Make sure you have iptables installed before you install apf firewall.
    > cd apf-0.9.3
    > ./install.sh
    After installation, you have to manually configure your firewall settings on what ports to open and what to block. You can edit the configuration file located in /etc/apf/conf.apf
    Installed paths

    Configuration File: /etc/apf/conf.apf
    Binary: /usr/local/sbin/apf
    Start/Stop: /etc/init.d/apf (start|stop|restart)
    Log: /var/log/apf_log
    Antidos conf file: /etc/apf/ad/config.antidos
    You can also use commands in the command line

    apf -s (start)
    apf -r (to restart)
    apf -f (to stop)
    Firewall Configuration

    Now open /etc/apf/conf.apf configuration file to manually make settings.
    > nano /etc/apf/conf.apf
    Step 1:
    Locate EGF="0" and change to EGF="1"
    Locate and set USE_AD="1"
    Step 2:
    Locate DEVEL_MODE and make sure its value is DEVEL_MODE="1"
    (Once you have made sure that the firewall is working fine, you can set this value to "0" later.)
    Step 3:
    Here is the most important part: setting up the ports. Make sure you don't lock yourself out by misquoting a port number. If you are using cPanel, make sure you open 2082 and 2087, as otherwise you will not be able to log in to cPanel.
    For cPanel:
    Make sure you locate the following lines and change the values there.
    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,6666"

    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="21,53,465,873,2077,2078"

    # Common ICMP (inbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    IG_ICMP_TYPES="3,5,11,0,30,8"

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"

    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="20,21,53,465,873"

    # Common ICMP (outbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    EG_ICMP_TYPES="all"
    For Plesk:
    # Common ingress (inbound) TCP ports
    IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"

    # Common ingress (inbound) UDP ports
    IG_UDP_CPORTS="37,53,873"

    # Common ICMP (inbound) types
    # 'internals/icmp.types' for type definition; 'all' is wildcard for any
    IG_ICMP_TYPES="3,5,11,0,30,8"

    # Common egress (outbound) TCP ports
    EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"

    # Common egress (outbound) UDP ports
    EG_UDP_CPORTS="53,873"
    Step 5:
    Finally set DEVEL_MODE='0'

    APF Firewall for VPS Servers:

    If you are running apf firewall in VPS, there is a possibility that you will get "eth0: Device not found". Instead you have to make settings in the configuration file.
    Find the following lines and change the values like below.
    IFACE_IN="venet0"
    IFACE_OUT="venet0"
    DEVEL_MODE="1"
    SET_MONOKERN="1"

    <port settings as above>

    SET_MONOKERN="1"
    (The above line must be set to "1" if you are on a VPS server, as otherwise you will get an "unable to load ip tables module" error.)
    Removing APF firewall

    First stop the apf
    /etc/init.d/apf stop
    Then, flush ip tables and remove all existing apf files even in cron job
    # disable the service first: chkconfig needs the init script, which is deleted below
    /sbin/chkconfig --level 345 apf off
    iptables -F
    rm -Rf /etc/apf
    rm -Rf /usr/local/sbin/apf
    rm -Rf /etc/rc.d/init.d/apf
    rm -Rf /var/log/apf_log
    rm -Rf /var/log/apfados_log
    Now remove this cron job
    nano /etc/cron.daily/fw

    Find and Remove this line:
    /etc/rc.d/init.d/apf restart >> /dev/null 2>&1

    Disclaimer: Usage of this tutorial is at your own risk. We cannot be responsible for any loss or damage incurred as a result of this article.
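
The lock-out risk the tutorial warns about in Step 3 can be checked before restarting the firewall. The following is an added example, not part of the original post: a POSIX shell check that the four port lists in conf.apf are well formed and that the inbound TCP ports you rely on (SSH, 2082/2087 for cPanel) are present in IG_TCP_CPORTS. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of an APF config before "apf -r".
# Helper names are hypothetical; the sample config below is constructed.

# Print the value assigned to KEY in FILE (last assignment wins).
apf_conf_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\(.*\)[\"'][[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Succeed if PORT is in LIST, e.g. "22,80,6000_7000" (lo_hi is APF's range form).
apf_port_allowed() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    for item in $(printf '%s' "$1" | tr ',' ' '); do
        case $item in
            *_*) [ "$2" -ge "${item%%_*}" ] && [ "$2" -le "${item##*_}" ] && return 0 ;;
        esac
    done
    return 1
}

# Check FILE; the remaining arguments are inbound TCP ports that must stay open.
# Prints one line per problem and returns 1 if any were found.
apf_preflight() {
    conf=$1; shift; bad=0
    for key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        val=$(apf_conf_get "$conf" "$key")
        case $val in
            ''|*[!0-9,_]*) echo "$key: missing or malformed value '$val'"; bad=1 ;;
        esac
    done
    tcp_in=$(apf_conf_get "$conf" IG_TCP_CPORTS)
    for port in "$@"; do
        apf_port_allowed "$tcp_in" "$port" ||
            { echo "IG_TCP_CPORTS: port $port is not open"; bad=1; }
    done
    return "$bad"
}

# Constructed sample: a stray space in the inbound list and no cPanel port 2087.
demo=$(mktemp)
cat > "$demo" <<'EOF'
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,9 93,995,8443"
IG_UDP_CPORTS="37,53,873"
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
EG_UDP_CPORTS="53,873"
EOF
apf_preflight "$demo" 22 2087 || echo "fix conf.apf before running: apf -r"
rm -f "$demo"
```

On a server, call it as `apf_preflight /etc/apf/conf.apf 22 2082 2087` (with your own SSH port) and restart APF only when it prints nothing.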