How to open a specific port in APF?

APF stands for Advanced Policy Firewall. It is a policy-based firewall front end designed to make configuring iptables rules simple and user-friendly. Configuring iptables by hand is somewhat hard without the help of a tool like APF or CSF. [APF Installation steps]

It’s simple to open or deny ports (incoming and outgoing) on the server via APF (Advanced Policy Firewall). This is done by changing values in the APF configuration file, using the following APF directives: [APF Commands]

IG_TCP_CPORTS : Common inbound (ingress) TCP ports
IG_UDP_CPORTS : Common inbound (ingress) UDP ports
EG_TCP_CPORTS : Common outbound (egress) TCP ports
EG_UDP_CPORTS : Common outbound (egress) UDP ports

The configuration file for APF is : /etc/apf/conf.apf

To open a specific port, open the configuration file and add the port to the matching directive listed above.
The edited directive should look like this:


Then restart the APF service with either of the following commands:

apf -r 
/etc/init.d/apf restart

That’s it!
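As an added example (not code from the original post), the following POSIX shell helper does the same edit without hand-editing the file: it appends a port to one of the `*_CPORTS` directives only if it is not already listed, rejects anything that is not a valid port number, and rewrites the file without changing its owner or mode. It assumes only the stock conf.apf line format, `KEY="v1,v2,..."`; the sample configuration it runs against is constructed for the demo and is not the live `/etc/apf/conf.apf`.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Appends a port to an APF *_CPORTS directive in conf.apf, idempotently.
# Assumes the stock conf.apf layout, e.g.  IG_TCP_CPORTS="22,80,443"
# (a comma-separated, double-quoted list on a single line).

# Print the current value of KEY with the quotes stripped.
# Usage: apf_get_ports CONF KEY
apf_get_ports() {
    sed -n "s/^${2}=\"\(.*\)\"/\1/p" "$1"
}

# Usage: apf_add_port CONF KEY PORT
#        e.g. apf_add_port /etc/apf/conf.apf IG_TCP_CPORTS 8080
# Returns 0 on success or if PORT is already listed, 1 if KEY is missing,
# 2 if PORT is not a valid port number.
apf_add_port() {
    conf=$1; key=$2; port=$3
    # Only plain integer ports in 1..65535. APF's own range syntax
    # (e.g. 30000_35000) is deliberately not accepted here, so a typo
    # cannot silently open a range.
    case $port in
        ''|*[!0-9]*) echo "invalid port: '$port'" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi
    if ! grep -q "^${key}=" "$conf"; then
        echo "directive $key not found in $conf" >&2; return 1
    fi
    cur=$(apf_get_ports "$conf" "$key")
    # Skip the write if the port is already present. This is an exact entry
    # match; a port already covered by a range entry is not detected.
    for p in $(printf '%s' "$cur" | tr ',' ' '); do
        if [ "$p" = "$port" ]; then
            echo "$key already contains $port"; return 0
        fi
    done
    if [ -z "$cur" ]; then new=$port; else new="$cur,$port"; fi
    # Rewrite through a temp file; 'cat >' into the original keeps its
    # owner and mode, which a plain mv would not.
    tmp=$(mktemp) || return 1
    sed "s/^${key}=.*/${key}=\"${new}\"/" "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?; rm -f "$tmp"; return $rc
}

# Demo on a constructed copy of the relevant conf.apf lines (not the live file).
demo_conf=$(mktemp)
printf '%s\n' 'IG_TCP_CPORTS="22,80,443"' 'IG_UDP_CPORTS=""' > "$demo_conf"
apf_add_port "$demo_conf" IG_TCP_CPORTS 8080
apf_add_port "$demo_conf" IG_TCP_CPORTS 80      # already listed: no change
apf_add_port "$demo_conf" IG_UDP_CPORTS 53
cat "$demo_conf"   # IG_TCP_CPORTS="22,80,443,8080" and IG_UDP_CPORTS="53"
rm -f "$demo_conf"
# On a real server the edit only takes effect after a reload:  apf -r
```

Run it against the real file as `apf_add_port /etc/apf/conf.apf IG_TCP_CPORTS 8080` and then `apf -r`; checking the result with `iptables -L -n | grep 8080` confirms the rule actually reached the kernel rather than just the file.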

Have you ever faced these errors?

eth0: error fetching interface information: Device not found
apf(22341): {glob} status log not found, created
eth0: error fetching interface information: Device not found

It’s because you’re using a virtual server whose network interface has a different name. Edit the following line in the APF configuration to fix this:

# Untrusted Network interface(s); all traffic on defined interface will be subject to all firewall rules. This should be your internet exposed interfaces. Only one interface is accepted for each value.

Replace “eth0” with “venet0”.

Then I got this error:

apf(arun): {glob} flushing & zeroing chain policies
apf(arun): {glob} firewall offline
apf(arun): {glob} activating firewall
apf(23581): {glob} unable to load iptables module (ip_tables), aborting.
apf(arun): {glob} firewall initalized

Please change the value for “SET_MONOKERN” from 0 to 1.

# This allows the firewall to work around modular kernel issues by assuming that the system has all required firewall modules compiled directly into kernel. This mode of operation is not generally recommended but can be used scale APF to unique situations.
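The two fixes above (the interface name and SET_MONOKERN) can be applied safely with the following POSIX shell helpers. This is an added example, not code from the original post or from APF itself; it assumes the stock conf.apf key names `IFACE_UNTRUSTED` (the directive that follows the quoted "Untrusted Network interface(s)" comment) and `SET_MONOKERN`, both with double-quoted values. The interface helper refuses to write a name the kernel does not know, which is exactly the condition that produced the "Device not found" error. The sample configuration is constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the original post or from APF.
# Sets IFACE_UNTRUSTED and SET_MONOKERN in conf.apf, checking first that the
# interface really exists (assumed key names, stock conf.apf format).

# Return 0 if the kernel has an interface by this name (Linux sysfs).
iface_exists() {
    [ -n "$1" ] && [ -d "/sys/class/net/$1" ]
}

# Print the value of KEY with the quotes stripped. Usage: apf_get_directive CONF KEY
apf_get_directive() {
    sed -n "s/^${2}=\"\(.*\)\"/\1/p" "$1"
}

# Replace the value of KEY="..." in CONF; fails if KEY is absent rather than
# appending a second copy that APF would read ambiguously.
# Usage: apf_set_directive CONF KEY VALUE
apf_set_directive() {
    conf=$1; key=$2; val=$3
    if ! grep -q "^${key}=" "$conf"; then
        echo "$key not found in $conf" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    # 'cat >' into the original keeps its owner and mode.
    sed "s/^${key}=.*/${key}=\"${val}\"/" "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?; rm -f "$tmp"; return $rc
}

# Point APF at the VPS's real public interface (venet0 instead of eth0),
# but only if that interface exists on this host.
# Usage: apf_use_iface CONF IFACE
apf_use_iface() {
    conf=$1; iface=$2
    if ! iface_exists "$iface"; then
        echo "no such interface: $iface (check: ls /sys/class/net)" >&2; return 1
    fi
    apf_set_directive "$conf" IFACE_UNTRUSTED "$iface"
}

# Demo on a constructed copy of the two relevant lines (not the live file).
demo_conf=$(mktemp)
printf '%s\n' 'IFACE_UNTRUSTED="eth0"' 'SET_MONOKERN="0"' > "$demo_conf"
apf_set_directive "$demo_conf" SET_MONOKERN 1
# Try venet0 first, as on the post's VPS; fall back to whatever this host has.
# On a real server pass the name explicitly: apf_use_iface /etc/apf/conf.apf venet0
apf_use_iface "$demo_conf" venet0 \
    || apf_use_iface "$demo_conf" eth0 \
    || apf_use_iface "$demo_conf" lo
cat "$demo_conf"   # SET_MONOKERN="1" plus the interface that was accepted
rm -f "$demo_conf"
```

After editing the live file, `apf -r` reloads the rules; if the "unable to load iptables module" message is gone from its output, the SET_MONOKERN workaround took effect.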

Arunlal Ashok

Cloud Infrastructure / DevOps Engineer. I'm dealing Linux servers since 2012. I started this blog to share and discuss my ideas.
