Protecting the server using iptables (Linux’s basic firewall) is a little bit difficult for beginners by comparing with firewall applications like CSF or APF. We have discussed about the installation and configuration of CSF on a Linux server in one of our previous blog article.
Here I am going to explain about APF (Advance Policy Firewall), another powerful firewall configuring tool under Linux. APF commands are quite different from CSF and comparatively less in number. After this you will get a clean idea about the APF command usages through shell.
APF : Advance Policy Firewall is a policy based firewall under Unix/Linux based system. The installation and configuration of APF is already discussed in our previous post. Read this blog post >> How to install APF? << to get APF installation steps. Here I’m discussing some commonly using APF commands.
Useful APF commands
You have to manage things through shell on a server with APF. The commands explained below is very helpful and easy to understand.
1. Command to start apf
# apf -s
2. Command to restart apf
# apf -r
3. Command to stop/flush apf
# apf -f
4. Command to list all firewall rules.
# apf -l
5. Command to output firewall status log.
# apf -t
6. To refresh & resolve dns names in trust rules.
# apf -e
7. To output all configuration options.
# apf -o
# apf -o --- APF version 9.7 <email@example.com> Copyright (C) 2002-2011, R-fx Networks <firstname.lastname@example.org> Copyright (C) 2011, Ryan MacDonald <email@example.com> This program may be freely redistributed under the terms of the GNU GPL DEVEL_MODE "0" INSTALL_PATH "/etc/apf" IFACE_IN "eth0" IFACE_OUT "eth0" IFACE_TRUSTED "" SET_VERBOSE "1" SET_FASTLOAD "0" ---
8. To remove host from [glob]*_hosts.rules and immediately remove rule from firewall.
# apf -u
9. White-list an IP address:
# apf -a IP or edit /etc/apf/allow_hosts.rules
Always restart apf after white-listing an IP in apf.
10. For blocking an IP in apf
# apf -d IP or edit /etc/apf/deny_hosts.rules
Don’t forget to restart apf after this.
That’s it 🙂