Advanced Policy Firewall
- Login to your server via shell as the root user.
- Download APF version 0.9.7-1 (the most current version to date) to your system
- Now you have to extract the tar file
bash# tar -zxf apf-current.tar.gz
- Go to the APF directory
bash# cd apf-0.9.7-1
- Run the code for installation
You will be alerted when the installation is complete.
Install path : /etc/apf
Config path : /etc/apf/conf.apf
Executable path : /usr/local/sbin/apf
- Modify the APF config file according to your requirements.
bash# vi /etc/apf/conf.apf
(Hit i to enter the INSERT mode)
- Add the ports you want to open for inbound (INGRESS) traffic.
# Common ingress (inbound) TCP ports
# Common ingress (inbound) UDP ports
# Common ICMP (inbound) types
The variables mentioned above are already present in the configuration file. You can customize the ports.
- You have to explicitly instruct APF to monitor outgoing (EGRESS) ports as well.
Change the line: EGF="0" to EGF="1"
- Specify the outbound ports to monitor.
# Common egress (outbound) TCP ports
# Common egress (outbound) UDP ports
# Common ICMP (outbound) types
- Specify the ports you want to block, if any.
The allow and deny trust files are located at:
You just have to list the IPs that you specifically wish to allow or deny in the respective files.
The format of these files is line-separated addresses; IP masking is supported.
Save and exit - hit 'esc' :wq 'enter'
- Start APF
bash# /usr/local/sbin/apf -s
- If all goes well, edit the config file and change the developer mode to 0
bash# vi /etc/apf/conf.apf
(Hit i to enter insert mode)
Change DEVM="1" to DEVM="0"
Save and quit - Hit 'esc' :wq 'enter'
- Restart APF
bash# /usr/local/sbin/apf -r
This is a list of ports you may want to exclude, as they are required for the usage of cPanel:
- 1 & 111 Portscanner (to detect scans)
- 20 ftp tcp inbound/outbound
- 21 ftp tcp,udp inbound/outbound
- 22 ssh tcp inbound
- 25 smtp tcp inbound/outbound
- 26 smtp tcp inbound/outbound
- (this port only needs to be open if the option in cPanel to run exim on port 26 is used.)
- 37 rdate tcp outbound
- 43 whois tcp outbound
- 53 DNS tcp/udp inbound/outbound
- (inbound is only needed if you run your own public DNS server)
- 80 http tcp inbound/outbound
- 110 pop3 tcp inbound
- 113 ident tcp outbound
- 143 imap4 tcp inbound
- 443 https tcp inbound
- 465 smtp tls/ssl tcp/udp inbound/outbound
- 873 rsync tcp/udp outbound
- 993 imap4 ssl tcp inbound
- 995 pop3 ssl tcp inbound
- 2082 cpanel tcp inbound
- 2083 cpanel ssl tcp inbound
- 2086 whm tcp inbound/(outbound for DNS cluster)
- 2087 whm ssl tcp inbound/(outbound for DNS cluster)
- 2089 cp licence tcp outbound (see below*)
- 2095 Webmail tcp inbound
- 2096 Webmail SSL tcp inbound
- 3306 mysql tcp (only if you need to connect remotely)
- 6666 chat tcp inbound
- 9898 AIM tcp outbound
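To check the result of the steps above before restarting APF, the following added example (not part of the original page or of APF) audits a config file for EGF="1", DEVM="0" and a chosen set of required ports. The variable names IG_TCP_CPORTS and EG_TCP_CPORTS and the lo_hi range notation are assumed from APF's stock conf.apf, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original page). EGF and DEVM are the names this
# page uses; IG_TCP_CPORTS / EG_TCP_CPORTS and the lo_hi range form are
# assumed from APF's stock conf.apf.

# Constructed sample config, deliberately left half-finished.
sample_conf() {
cat <<'EOF'
IG_TCP_CPORTS="22,80,443,2082_2083"
EG_TCP_CPORTS="25,53,80,443"
EGF="0"
DEVM="1"
EOF
}

# Print the value of VAR="..." in FILE (last uncommented assignment wins).
apf_get() {  # usage: apf_get FILE VAR
    sed -n "s/^[[:space:]]*$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Succeed if PORT appears in a comma-separated LIST, alone or inside lo_hi.
port_listed() (  # usage: port_listed PORT LIST
    IFS=,; set -f
    for item in $2; do
        case $item in
            *_*) if [ "$1" -ge "${item%_*}" ] && [ "$1" -le "${item#*_}" ]; then exit 0; fi ;;
            "$1") exit 0 ;;
        esac
    done
    exit 1
)

# Print one finding per line; no output means the file matches the steps above.
apf_audit() (  # usage: apf_audit FILE "INBOUND PORTS" "OUTBOUND PORTS"
    [ "$(apf_get "$1" EGF)" = "1" ] || echo "EGF is not 1: outbound ports are not filtered"
    [ "$(apf_get "$1" DEVM)" = "0" ] || echo "DEVM is not 0: developer mode is still on"
    ig=$(apf_get "$1" IG_TCP_CPORTS); eg=$(apf_get "$1" EG_TCP_CPORTS)
    for p in $2; do port_listed "$p" "$ig" || echo "tcp/$p inbound is not in IG_TCP_CPORTS"; done
    for p in $3; do port_listed "$p" "$eg" || echo "tcp/$p outbound is not in EG_TCP_CPORTS"; done
    exit 0
)

conf=$(mktemp)
sample_conf > "$conf"
# Ports taken from the cPanel list on this page: ssh, http, https, cpanel ssl, whm ssl
apf_audit "$conf" "22 80 443 2083 2087" "25 53 80"
rm -f "$conf"
```

On a real server, pass /etc/apf/conf.apf as the first argument and the ports your services need as the second and third.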