
How do I open a port in the APF firewall and add my IP as trusted?

APF is a policy-based iptables firewall that is very useful for blocking DDoS attacks on heavily trafficked servers. The problem arises when we developers/testers use the same server and the firewall denies all traffic from our static IPs. This is a major headache in most cases.

1. Opening a port in the APF firewall
Edit the file "/etc/apf/conf.apf", find the entry "IG_TCP_CPORTS", and add the ports to be opened to it.

In this sample entry, I added port 9091:

# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,9091,5222"

Then restart the firewall:

[root@host.mydomain.com] ~ >> apf -r

2. Trusting our IPs in the APF firewall
Add our IP information to "/etc/apf/allow_hosts.rules". A sample entry looks like this:

# inbound to destination port 22 from 192.168.2.1
# tcp:in:d=22:s=192.168.2.1
#
# outbound to destination port 23 to destination host 192.168.2.1
# out:d=23:d=192.168.2.1
#
# inbound to destination port 3306 from 192.168.5.0/24
# d=3306:s=192.168.5.0/24
# my IP ranges
69.16.222.0/24
64.91.239.0/26
187.68.0.0/16
129.16.23.96
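
An added example, not part of the original post: a shell function that audits allow_hosts.rules and reports how much each trust entry exposes. It assumes IPv4 entries and that a bare address (no d=/s= fields) is trusted on every port, while the advanced syntax shown in the comments above limits a rule to one port; the function name, the /24 threshold and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an APF allow_hosts.rules file (IPv4 entries assumed).
# Assumption: a bare address is trusted on every port; entries using the
# advanced d=/s= syntax are limited to the port they name.
# Usage: audit_allow_hosts FILE [MIN_PREFIX]  (hypothetical helper, default 24)
audit_allow_hosts() {
    awk -v min="${2:-24}" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            entry = $1
            if (entry ~ /[ds]=/) {           # advanced syntax, e.g. tcp:in:d=22:s=IP
                print "SCOPED   " entry
                next
            }
            prefix = 32                      # bare host without a mask
            if (split(entry, p, "/") == 2) prefix = p[2] + 0
            if (prefix < 0 || prefix > 32) {
                print "INVALID  " entry
                next
            }
            # WIDE: the range is larger than the chosen prefix limit
            tag = (prefix < min) ? "WIDE    " : "ALLPORTS"
            printf "%s %s (%.0f addresses, every port)\n", tag, entry, 2 ^ (32 - prefix)
        }
    ' "$1"
}

# Constructed sample: the four ranges from the post plus one port-scoped rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# inbound to destination port 22 from 192.168.2.1
tcp:in:d=22:s=192.168.2.1
# my IP ranges
69.16.222.0/24
64.91.239.0/26
187.68.0.0/16
129.16.23.96
EOF
audit_allow_hosts "$sample" 24
```

Entries reported as WIDE or ALLPORTS are candidates for rewriting in the port-scoped form, so that a developer address is trusted only on the port it needs.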
