Archive for the tag 'firewall'

How to install CSF Firewall on your Server.

Installation

Installation is quite straightforward:

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Next, test whether you have the required iptables modules:

perl /etc/csf/csftest.pl

Don’t worry if you cannot run all the features, so long as the script doesn’t report any FATAL errors

You should not run any other iptables firewall configuration script. For example, if you previously used APF+BFD you can remove the combination (which you will need to do if you have them installed otherwise they will conflict horribly):

sh /etc/csf/remove_apf_bfd.sh

That’s it. You can then configure csf and lfd by edit the files directly in /etc/csf/*, or on cPanel servers use the WHM UI

csf installation for cPanel is preconfigured to work on a cPanel server with all the standard cPanel ports open.

csf installation for DirectAdmin is preconfigured to work on a DirectAdmin server with all the standard DirectAdmin ports open.

csf auto-configures your SSH port on installation where it’s running on a non-standard port.

csf auto-whitelists your connected IP address where possible on installation.

You should ensure that kernel logging daemon (klogd) is enabled. Typically, VPS servers have this disabled and you should check /etc/init.d/syslog and make sure that any klogd lines are not commented out. If you change the file, remember to restart syslog.

Download the firewall script from : http://www.configserver.com/

Security - Install And Configure Advanced Policy Firewall (APF) On CentOS

From Advanced Policy Firewall’s website:

“Advanced Policy Firewall (APF) is an IPTables(Netfilter) based firewall system designed around the essential needs of today’s Linux servers. The configuration is designed to be very informative and easy to follow. The management on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information on all the features.”

Installation

Downloading and extracting.

wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxvf http://www.rfxn.com/downloads/apf-current.tar.gz
cd apf-9.7-1

and Run:

sh ./install.sh

APF will display locations of it’s executable and configuration files as well as ports detected as being used.

Configuration

APF’s basic configuration file is /etc/apf/conf.apf

By default everything is locked and You have to configure APF to open ports You need to use.

DEVEL_MODE=”1″ - be sure to set this option to 1 until You’re satisfied with the settings.
SET_MONOKERN=”0″ - APF supports monolithic kernels.
IFACE_IN=”eth0″ and IFACE_OUT=”eth0″ - untrusted interfaces connected to the network, mostly the Internet.

Testing

Start APF:

/usr/local/sbin/apf -s

We can use the following parameters:

-s - start APF

-r - restart APF

-f - stop APF

-l - list statistics

-st - status of APF

-a host - allow connections from “host”

-d host - deny connections from “host”

Advanced Policy Firewall - http://www.rfxn.com/projects/advanced-policy-firewall

Setting up the firewall for Passive FTP: (APF Firewall)

1.Open your APF configuration file with your favorite editor. This configuration file is usually located at: /etc/apf/conf.apf

vi /etc/apf/conf.apf

2. Select a port range to use for the passive FTP connection, and find the line that looks like this:

IG_TCP_CPORTS=”20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096, 3306″

If this list of ports already includes a port range above 20000, then you can skip onto configuring your FTP Server, but remeber the range listed. (20000 to 30000 would be written as 20000_30000)

3. Add the port range to the end of the line and within the quotation marks(”). Remeber each port/port range is seperated by a comman(,), and a port range between 35000 to 36000 is written as 35000_36000 .

IG_TCP_CPORTS=”20, 21, 22, 25, 53, 80, 110, 143, 443, 465, 993, 995, 2082, 2083, 2086, 2087, 2095, 2096, 3306, 35000_36000″

3. Save and restart your firewall.

To restart your firewall:

/etc/init.d/apf restart
SBDavid

APF - Advanced Policy Firewall

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations.

The offical home page for APF is located at:

http://www.rfxnetworks.com/apf.php

If you are configuring iptables in your own custom kernel then you
should be sure that the following modules are compiled with the kernel for
modular support:

ip_tables
iptable_filter
iptable_mangle
ip_conntrack
ip_conntrack_irc
ip_conntrack_ftp
ipt_state
ipt_multiport
ipt_limit
ipt_recent
ipt_LOG
ipt_REJECT
ipt_ecn
ipt_length
ipt_mac
ipt_multiport
ipt_owner
ipt_state
ipt_ttl
ipt_TOS
ipt_TCPMSS
ipt_ULOG

If you would like to make sure you support these modules then you can take a look inside of /lib/modules/kernelver/kernel/net/ipv4/netfilter/ directory.

Installation

The installation setup of APF is very straight forward, there is an included
install.sh script that will perform all the tasks of installing APF for you.

Install

# sh install.sh

If one so desires they may customize the setup of APF by editing the variables inside the install.sh script followed by also editing the path variables in the conf.apf and internals.conf files. This is however not recommends and the default paths should meet all user needs, they are:

Install Path: /etc/apf
Bin Path: /usr/local/sbin/apf

The first is to setup APF in the init system with chkconfig (done by
default during install), as detailed below:

chkconfig –add apf
chkconfig –level 345 apf on

General Usage:

The /usr/local/sbin/apf command has a number of options that will ease the
day-to-day use of your firewall. Here is a quick snap-shot of the options:

usage /usr/local/sbin/apf [OPTION]
-s|–start ……………………. load the firewall rules
-r|–restart ………………….. stop (flush) & reload firewall rules
-f|–stop …………………….. stop (flush) all firewall rules
-l|–list …………………….. list chain rules
-t|–status …………………… firewall status
-e|–refresh ………………….. refresh & resolve dns names in trust rules
-a HOST CMT|–allow HOST COMMENT … add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|–deny HOST COMMENT …. add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall
-u|–remove HOST ………………. remove host from [glob_]deny_hosts.rules
and immediately remove rule from firewall
-o|–ovars ……………………. output all configuration options

Trust an address:
apf -a ryanm.dynip.org “my home dynamic-ip”
Deny an address:
apf -d 192.168.3.111 “keeps trying to bruteforce”
Remove an address:
apf -u ryanm.dynip.org
SBDavid

Configuring Your Firewall For Webmin

The simplest way to open up port 10000 is to use one of the Webmin firewall management modules, such as Linux Firewall, BSD Firewall or IPFilter Firewall. However, to access this you’ll need to run a brower on the same system as Webmin, and access it via the URL http://localhost:10000/.

The alternative is to login as root via SSH, and manually edit the firewall configuration file. On Redhat and derived systems, this is /etc/sysconfig/iptables, while on Debian it is /var/lib/iptables. The line you need to add is :

-A INPUT -p tcp -m tcp –dport 10000 -j ACCEPT

Once this line has been added, you will need to apply the firewall configuration. This is typically done with the command

/etc/init.d/iptables restart

« Prev - Next »