APF is a policy-based iptables firewall that is very useful for blocking DDoS attacks on heavily trafficked servers. The issue is that when we developers/testers are working on the same server, it will deny all the traffic from the static IPs we are given. This is a major headache in most cases.
1. Opening a port in the APF firewall
Edit the file "/etc/apf/conf.apf", find the entry "IG_TCP_CPORTS" and add the ports to be opened to it.
A sample entry looks like this; I added the port "9091" to it:
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,9091,5222"
Then restart the firewall:
[root@host.mydomain.com] ~ >> apf -r
2. Trusting our IPs on the APF firewall
Add our IP information to "/etc/apf/allow_hosts.rules". A sample entry looks like this:
# inbound to destination port 22 from 192.168.2.1
# tcp:in:d=22:s=192.168.2.1#
# outbound to destination port 23 to destination host 192.168.2.1
# out:d=23:d=192.168.2.1#
# inbound to destination port 3306 from 192.168.5.0/24
# d=3306:s=192.168.5.0/24
# my IP ranges
69.16.222.0/24
64.91.239.0/26
187.68.0.0/16
129.16.23.96
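The two steps above as one idempotent helper script. This is an added example and not part of the original post; the function names, the --apply flag and the sample values 9091 and 203.0.113.10 are my own assumptions, and the file paths default to the APF files named above but can be overridden to test against copies first.

```shell
#!/bin/sh
# Added example, not from the original post. Idempotent helpers for the two
# steps above; the paths default to the APF files but can be overridden so
# the logic can be exercised on copies before touching /etc/apf.
APF_CONF="${APF_CONF:-/etc/apf/conf.apf}"
APF_ALLOW="${APF_ALLOW:-/etc/apf/allow_hosts.rules}"

# Print the current IG_TCP_CPORTS value from conf file $1.
get_tcp_cports() {
    sed -n 's/^IG_TCP_CPORTS="\([^"]*\)"/\1/p' "$1"
}

# Add TCP port $2 to IG_TCP_CPORTS in conf file $1 unless already listed.
# Returns 1 for anything that is not a port number in 1..65535.
add_tcp_cport() {
    conf="$1"; port="$2"
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    cur="$(get_tcp_cports "$conf")"
    case ",$cur," in *",$port,"*) return 0 ;; esac   # already open, no-op
    if [ -n "$cur" ]; then new="$cur,$port"; else new="$port"; fi
    tmp="$conf.tmp.$$"
    sed "s/^IG_TCP_CPORTS=\"[^\"]*\"/IG_TCP_CPORTS=\"$new\"/" "$conf" > "$tmp" \
        && mv "$tmp" "$conf"
}

# Append trusted address or CIDR $2 to allow_hosts.rules $1 unless present.
# Only the dotted-quad[/prefix] syntax is checked, not octet ranges.
add_allow_host() {
    rules="$1"; host="$2"
    echo "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 1
    grep -qxF "$host" "$rules" 2>/dev/null && return 0
    printf '%s\n' "$host" >> "$rules"
}

# On the server: sh apf-trust.sh --apply 9091 203.0.113.10 (constructed
# sample values); APF is then reloaded so the new rules take effect.
if [ "${1:-}" = "--apply" ]; then
    add_tcp_cport "$APF_CONF" "$2" && add_allow_host "$APF_ALLOW" "$3" && apf -r
fi
```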
Nice post.
I’ve configured my iptables with apf. Nowadays, apf is automatically removing IP addresses from allow_hosts.rules. Kindly help me to resolve this issue.
Ensure the development mode is disabled (DEV_MODE=0). Or check whether any programs/hackers are forcefully emptying that file.