It’s a useful option to protect the server from unwanted/unauthorized connections. By using basic iptables we can allow/deny IPs, but it’s not such simple. The applications like CSF or APF will help us to do the same simply using simple commands. We have already discussed the ways to manage this kind of things using the user friendly application CSF. Click here for getting more about CSF commands in Unix.

Like CSF, the application APF (Advanced Policy Firewall) we can Allow or Deny IPs to server. This is much helpful as considering server security. Here we goes to the commands to do that.

APF command to Allow an IP on server.

You can use the command “apf” with “-a” switch to allow an IP or a range IPs in server. There is a file in APF installation directory to save the Allow entries. You can simply edit that file and add the IP address details on that to Allow IPs. Here I am explaining the two possible ways to do that.

Using the command “apf -a”

apf -a  [comment]


apf -a [owner]

It will be saved on allow_hosts.rules

[[email protected] apf]# cat allow_hosts.rules
# added on 06/14/14 17:19:51 with comment: [owner]

As I told, you can open the file “/etc/apf/allow_hosts.rules” and add the entry directly to Allow IPs.

How to Deny an IP address using APF?

Like allowing IP addresses we can simply deny IP using APF. The command-line option is “apf -d”


apf -d  [comment]


apf -d [HACKER]

An alternate option is, open the file “/etc/apf/deny_hosts.rules” and add the IP address directly on this to block.

Remove IPs from Allow/Deny entries of APF.

It’s simple to remove entries from those files 🙂 Here is the command to remove IP from Allow/Deny list.


apf -u 


apf -u

Click here for more about APF commands in Linux.

That’s it 🙂