If you are a new user, do not follow this guide on a production server; follow our basic server setup guide and IPTables guide to configure your firewall instead. New users can follow this guide on test/development servers. Advanced Policy Firewall (APF) is an iptables-based firewall. Here is how to install and configure Advanced Policy Firewall (APF) on Ubuntu 16.04. It is essentially an interface to IPTables for configuring a powerful firewall to secure servers, but it requires working experience with networking and resource monitoring. It can slightly delay actions or consume more resources than the official website states. It is better suited to dedicated servers with at least 2 LAN cards and modern hardware (read: minimum 8GB physical RAM).
Install, Configure Advanced Policy Firewall (APF) On Ubuntu 16.04
Here is the official website with additional information:

https://www.rfxn.com/projects/advanced-policy-firewall/
First update the server:

```bash
apt update
```
Then download the package and extract it:

```bash
wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -xzvf apf-current.tar.gz
cd apf-*
chmod +x install.sh
./install.sh
```
This will give output like this:

```
Installing APF x.y-z: Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf

Other Details:
....
```
There is a configuration file at /etc/apf/conf.apf, which you should back up and then open:

```bash
nano /etc/apf/conf.apf
```
Edit it to have settings like these:

```bash
INSTALL_PATH="/etc/apf"
# "1" makes a cron job flush the firewall every 5 minutes; set to "0" once the rules work
DEVEL_MODE="1"
SET_MONOKERN="0"

IFACE_IN="eth0"
IFACE_OUT="eth0"
IFACE_TRUSTED="eth0"
SET_VERBOSE="1"

IG_TCP_CPORTS="20,21,22,25,26,37,43,53,80,110,113,143,443,465,873,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,6666"
IG_UDP_CPORTS="53,6277"
IG_ICMP_TYPES="3,5,11,30"
EG_TCP_CPORTS="21,25,37,53,80,110,113,443,43,873,953,2089,2703"
EG_UDP_CPORTS="20,21,53,873,953,6277"

TCP_STOP="DROP"
UDP_STOP="DROP"
ALL_STOP="DROP"
BLK_PRVNET="0"
```
Note that the interface is named eth0 in these settings; replace it if your server's interface has a different name.
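Before starting the firewall, the edited file can be linted for the settings most likely to cause trouble. The script below is an added example, not part of the original guide or of APF; the function names and the `NET_DIR` override are hypothetical. It relies on two APF behaviours: `DEVEL_MODE="1"` has cron flush the firewall every 5 minutes, and port ranges are written `LOW_HIGH`.

```sh
# Added example: lint an APF conf.apf before running `apf -s`.
# The file is read as text and never sourced, so linting cannot execute it.

# Print the value of KEY="value" in FILE (last assignment wins).
conf_get() {
    sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Print the tokens of a comma-separated list that are neither a port
# (1-65535) nor a LOW_HIGH range. Runs in a subshell with globbing off.
bad_ports() (
    set -f
    bad=""
    for tok in $(printf '%s' "$1" | tr ',' ' '); do
        for p in $(printf '%s' "$tok" | tr '_' ' '); do
            case $p in
                ''|*[!0-9]*|??????*) bad="$bad $tok"; break ;;
            esac
            if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then bad="$bad $tok"; break; fi
        done
    done
    printf '%s' "${bad# }"
)

# Print findings for FILE; the return status is the number of findings.
# NET_DIR is a hypothetical override so the check can be tested off-host.
audit_conf() {
    n=0
    if [ "$(conf_get DEVEL_MODE "$1")" = "1" ]; then
        echo "WARN  DEVEL_MODE=1: a cron job flushes the firewall every 5 minutes"
        n=$((n + 1))
    fi
    for key in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        val=$(bad_ports "$(conf_get "$key" "$1")")
        [ -z "$val" ] || { echo "ERROR $key: invalid port token(s): $val"; n=$((n + 1)); }
    done
    for key in IFACE_IN IFACE_OUT; do
        val=$(conf_get "$key" "$1")
        [ -e "${NET_DIR:-/sys/class/net}/$val" ] ||
            { echo "ERROR $key: no interface named '$val' on this host"; n=$((n + 1)); }
    done
    return "$n"
}

# Constructed sample using this guide's key names, not a real server's file.
sample=$(mktemp)
printf '%s\n' 'DEVEL_MODE="1"' 'IFACE_IN="eth0"' 'IFACE_OUT="eth0"' \
    'IG_TCP_CPORTS="22,80,443,2082_2087"' 'EG_TCP_CPORTS="21,25,#123,443"' > "$sample"
audit_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real server, run `audit_conf /etc/apf/conf.apf` and resolve every ERROR line before `apf -s`.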
Start the firewall:

```bash
apf -s
```

Stop the firewall:

```bash
apf -f
```

Restart the firewall:

```bash
apf -r
```

Check the status of the firewall:

```bash
apf -st
```
There are two files that list allowed and denied hosts:

```
/etc/apf/allow_hosts.rules
/etc/apf/deny_hosts.rules
```
Run this to add a host to the allow list:

```bash
apf -a some.trusted.i.p
```

Run this to add a host to the deny list:

```bash
apf -d some.bad.i.p
```
To use APF on a production server, you must read the official documentation and other resources. We have only given a sane example to get started.