
    FIREWALLS

    APF

        HOW TO UNINSTALL APF ON A LINUX MACHINE

    You can use the following steps to uninstall APF on a Linux machine:

    Stop the APF service running on the server.
    $ /etc/rc.d/init.d/apf stop

    Remove the APF files from the server.
    $ rm -Rf /etc/apf
    $ rm -Rf /etc/rc.d/init.d/apf
    $ rm -Rf /var/log/apf_log
    $ rm -Rf /var/log/apfados_log
    $ rm -Rf /usr/local/sbin/apf

    Disable APF in the run levels.
    $ /sbin/chkconfig --level 345 apf off

    Open /etc/cron.daily/fw and remove this line:
    $ vi /etc/cron.daily/fw
      /etc/rc.d/init.d/apf restart >> /dev/null 2>&1
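
A leftover file, cron entry or boot link from the steps above is easy to miss. The following script is an added example, not part of the original page: it lists any APF remnants under a given root. The ROOT argument and the function names are hypothetical, and the rc[345].d start-link check assumes the standard Red Hat SysV layout managed by chkconfig.

```shell
#!/bin/sh
# Added example: list APF remnants left after the uninstall steps on this page.
# The path lists come from the page; the rc[345].d start-link check assumes the
# standard Red Hat SysV layout that chkconfig manages.

APF_PATHS="/etc/apf /etc/rc.d/init.d/apf /var/log/apf_log /var/log/apfados_log /usr/local/sbin/apf"
APF_CRON="/etc/cron.daily/fw"

# apf_remnants [ROOT]: print one line per remnant found under ROOT (default: /).
# ROOT is a hypothetical prefix so the check can run against a copied tree.
apf_remnants() {
    root="${1%/}"
    for p in $APF_PATHS; do
        if [ -e "$root$p" ]; then echo "path: $p"; fi
    done
    # The daily cron job must no longer restart apf.
    if [ -f "$root$APF_CRON" ] && grep -q '/init\.d/apf' "$root$APF_CRON"; then
        echo "cron: $APF_CRON still calls the apf init script"
    fi
    # Start links in run levels 3, 4 and 5 mean apf is still enabled at boot.
    for l in "$root"/etc/rc.d/rc[345].d/S[0-9][0-9]apf; do
        if [ -L "$l" ] || [ -e "$l" ]; then echo "runlevel: ${l#"$root"}"; fi
    done
    return 0
}

# apf_is_clean [ROOT]: succeed only when no remnant is reported.
apf_is_clean() {
    [ -z "$(apf_remnants "$1")" ]
}

# Constructed sample tree: a half-finished uninstall (log file and cron line left).
demo=$(mktemp -d)
mkdir -p "$demo/var/log" "$demo/etc/cron.daily"
: > "$demo/var/log/apf_log"
echo '/etc/rc.d/init.d/apf restart >> /dev/null 2>&1' > "$demo/etc/cron.daily/fw"
apf_remnants "$demo"
rm -rf "$demo"
```

On a live server, call `apf_remnants /` as root; an empty result means none of the listed remnants were found.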
    
    CSF

    ConfigServer Firewall (csf) is a Stateful Packet Inspection (SPI) firewall.
    A stateful firewall keeps track of the state of network connections
    (such as TCP streams and UDP communication) travelling across it. The
    firewall is programmed to distinguish legitimate packets for different
    types of connections. Only packets matching a known connection state will
    be allowed by the firewall; others will be rejected.

    It uses the iptables firewall, which is simple, straightforward, easy
    and flexible to configure, and it adds more checks to ensure smooth operation.
    
    Installation Steps.
    
    1. wget http://www.configserver.com/free/csf.tgz
    2. tar -xzf csf.tgz
    3. cd csf
    4. sh install.sh
    
    If APF and BFD are already enabled, you have to disable them. Otherwise
    the two firewalls (CSF and APF) will conflict.
    To disable APF, run:
    
    sh disable_apf_bfd.sh
    
    CSF is configured to work on a cPanel server with all the standard cPanel ports open.
    
    The configuration file is located in the /etc/csf directory.

    IPTABLES

    The Linux kernel contains the built-in ability to filter packets,
    allowing some of them into the system while stopping others.
    The 2.4 kernel's netfilter has three built-in tables, or rules lists.
    The iptables command allows you to configure these rule lists, as well
    as set up new tables to be used for your particular situation.
    The built-in tables are as follows:
    
        * filter — This is the default table for handling network packets.
        * nat — This table is used to alter packets that create a new connection.
        * mangle — This table is used for specific types of packet alteration.

    Each of these tables in turn has a group of built-in chains which correspond
    to the actions performed on the packet by the netfilter.
    
    The built-in chains for the filter table are as follows:
    
        * INPUT — This chain applies to packets received via a network interface.
        * OUTPUT — This chain applies to packets sent out via the same
          network interface which received the packets.
        * FORWARD — This chain applies to packets received on one network interface
          and sent out on another.
    
    The built-in chains for the nat table are as follows:
    
        * PREROUTING — This chain alters packets received via a network interface
          when they arrive.
        * OUTPUT — This chain alters locally-generated packets before they
          are routed via a network interface.
        * POSTROUTING — This chain alters packets before they are sent out
          via a network interface.
    
    The built-in chains for the mangle table are as follows:
    
        * PREROUTING — This chain alters packets received via a network
          interface before they are routed.
        * OUTPUT — This chain alters locally-generated packets before
          they are routed via a network interface.
    
    Every network packet received by or sent out of a Linux system is
    subject to at least one table.
    
    


    © Sherin Sunny. All rights reserved.
