Archive for the tag 'Advanced'

SBDavid
Sep 26th, 2010

CSF Advanced Allow/Deny Filters

CSF Advanced Allow/Deny Filters

In /etc/csf.allow and /etc/csf.deny you can add more complex port and ip filters using the following format (you must specify a port AND an IP address):

tcp/udp|in/out|s/d=port|s/d=ip|u=uid

Broken down:

tcp/udp : EITHER tcp OR udp OR icmp protocol
in/out : EITHER incoming OR outgoing connections
s/d=port : EITHER source OR destination port number (or ICMP type)
(use a _ for a port range, e.g. 2000_3000)
s/d=ip : EITHER source OR destination IP address
u/g=UID : EITHER UID or GID of source packet, implies outgoing connections, s/d=IP value is ignored

Note: ICMP filtering uses the “port” for s/d=port to set the ICMP type. Whether you use s or d is not relevant as either simply uses the iptables –icmp-type option. Use “iptables -p icmp -h” for a list of valid ICMP types. Only one type per filter is supported

Examples:

# TCP connections inbound to port 3306 from IP 11.22.33.44
tcp|in|d=3306|s=11.22.33.44

# TCP connections outbound to port 22 on IP 11.22.33.44
tcp|out|d=22|d=11.22.33.44

Reference: http://www.configserver.com/

SBDavid
Sep 23rd, 2009

Security - Install And Configure Advanced Policy Firewall (APF) On CentOS

Security - Install And Configure Advanced Policy Firewall (APF) On CentOS

From Advanced Policy Firewall’s website:

“Advanced Policy Firewall (APF) is an IPTables(Netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.”

Installation

Downloading and extracting.

wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxvf http://www.rfxn.com/downloads/apf-current.tar.gz
cd apf-9.7-1

and Run:

sh ./install.sh

APF will display locations of it’s executable and configuration files as well as ports detected as being used.

Configuration

APF’s basic configuration file is /etc/apf/conf.apf

By default everything is locked and You have to configure APF to open ports You need to use.

DEVEL_MODE=”1″ - be sure to set this option to 1 until You’re satisfied with the settings.
SET_MONOKERN=”0″ - APF supports monolithic kernels.
IFACE_IN=”eth0″ and IFACE_OUT=”eth0″ - untrusted interfaces connected to the network, mostly the Internet.

Testing

Start APF:

/usr/local/sbin/apf -s

We can use the following parameters:

-s - start APF

-r - restart APF

-f - stop APF

-l - list statistics

-st - status of APF

-a host - allow connections from “host”

-d host - deny connections from “host”

Advanced Policy Firewall - http://www.rfxn.com/projects/advanced-policy-firewall