10 APF (Advanced Policy Firewall) commands in Linux – Simple usage

Protecting a server with iptables (Linux’s basic firewall) is a little difficult for beginners compared with firewall applications like CSF or APF. We discussed the installation and configuration of CSF on a Linux server in one of our previous blog articles.

Here I am going to explain APF (Advanced Policy Firewall), another powerful firewall configuration tool for Linux. APF commands are quite different from CSF commands and comparatively fewer in number. After this you will have a clear idea of how to use the APF commands from the shell.

APF: Advanced Policy Firewall is a policy-based firewall for Unix/Linux-based systems. The installation and configuration of APF are already discussed in our previous post. Read the blog post "How to install APF?" for the APF installation steps. Here I’m discussing some commonly used APF commands.

Useful APF commands

On a server with APF, you manage the firewall through the shell. The commands explained below are very helpful and easy to understand.

1. Command to start apf

# apf -s

2. Command to restart apf

# apf -r

3. Command to stop/flush apf

# apf -f

4. Command to list all firewall rules.

# apf -l

5. Command to output firewall status log.

# apf -t

6. To refresh and resolve DNS names in trust rules.

# apf -e

7. To output all configuration options.

# apf -o

Example

# apf -o
---
APF version 9.7 <[email protected]>
Copyright (C) 2002-2011, R-fx Networks <[email protected]>
Copyright (C) 2011, Ryan MacDonald <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL

DEVEL_MODE "0"
INSTALL_PATH "/etc/apf"
IFACE_IN "eth0"
IFACE_OUT "eth0"
IFACE_TRUSTED ""
SET_VERBOSE "1"
SET_FASTLOAD "0"
---

8. To remove a host from [glob]*_hosts.rules and immediately remove its rule from the firewall.

# apf -u IP

9. White-list an IP address:

# apf -a IP
or
edit /etc/apf/allow_hosts.rules

Always restart apf after white-listing an IP in apf.

10. For blocking an IP in apf

# apf -d IP
or
edit /etc/apf/deny_hosts.rules

Don’t forget to restart apf after this.
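
A pre-flight check for command 10, as an added example that is not part of the original post: it validates the address, refuses to block one that is already listed in allow_hosts.rules, and skips duplicates. The function names, the APF_DIR override and the one-plain-address-per-line file layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): pre-flight check for `apf -d IP`.
# Assumes the rules files hold one plain address per line plus '#' comments;
# APF_DIR defaults to the path the article uses and can be overridden.
APF_DIR="${APF_DIR:-/etc/apf}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        [ ${#_octet} -le 3 ] && [ "$_octet" -le 255 ] || return 1
    done
}

# listed_in FILE ADDR: succeed if ADDR is a whole non-comment line in FILE.
# -x and -F stop 203.0.113.7 from matching 203.0.113.70 or treating '.' as a wildcard.
listed_in() {
    [ -r "$1" ] || return 1
    grep -v '^[[:space:]]*#' "$1" | grep -qxF -- "$2"
}

# check_deny ADDR: print invalid, trusted, duplicate or ok.
check_deny() {
    if ! is_ipv4 "$1"; then echo invalid
    elif listed_in "$APF_DIR/allow_hosts.rules" "$1"; then echo trusted
    elif listed_in "$APF_DIR/deny_hosts.rules" "$1"; then echo duplicate
    else echo ok
    fi
}

# safe_deny ADDR: block ADDR only when the check passes, then restart APF
# as the article instructs. Needs root and an installed apf.
safe_deny() {
    _verdict=$(check_deny "$1")
    if [ "$_verdict" != ok ]; then
        echo "not blocking '$1': $_verdict" >&2
        return 1
    fi
    apf -d "$1" && apf -r
}
```

After sourcing the file, run `safe_deny IP` as root in place of `apf -d IP`.
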
That’s it 🙂


Arunlal Ashok

DevOps Engineer. Linux lover. Traveller.
Always happy for an open discussion! Write to arun ((@)) crybit ((dot)) com.
