How to Install APF Firewall for cPanel

Rather than using the CSF firewall, we recommend APF (Advanced Policy Firewall) because of its flexibility with cPanel servers. BFD (Brute Force Detection) is an additional way to secure your server that works well with APF. The following article explains how to install APF on your cPanel server. (Note: this applies only if you have a QuickWeb VPS or Dedicated Server; we maintain our own hardware firewall on our cPanel shared hosting, so this is unnecessary there.)

Don't forget that you can access your server via the console inside VPS Manager should you lock yourself out due to an incorrect configuration.

1) Login to your server as root

2) Download the APF Source (current version 9.7-3)

CODE
# wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz


3) Extract the tar.gz

CODE
# tar -zxf apf-current.tar.gz


4) Enter the APF directory (it is named after the version that was extracted; adjust the name below if yours differs)

CODE
# cd apf-9.7-2 


5) Run install code

CODE
# ./install.sh


6) Modify the APF config File

CODE
# nano /etc/apf/conf.apf

Set the network interface in the config file to match your virtualization platform: OpenVZ uses venet0:0, while Xen uses the standard eth0 interface.

7) Add the ports you want to open for inbound (INGRESS) traffic. The following is for a cPanel box

CODE

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666"

# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"

# Common ICMP (inbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
IG_ICMP_TYPES="3,5,11,0,30,8"


Please note that these variables already exist in the config file; the values shown above are what they should be set to. Keep each port list on a single line.

8) Tell APF to monitor outgoing (EGRESS) traffic as well

CODE

Change the line:
EGF="0"
to
EGF="1"


9) Tell APF what ports to monitor

CODE

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,465,873"

# Common ICMP (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"

10) Save and exit - in vi, hit 'esc' :wq 'enter'; in nano, hit Ctrl+O, 'enter', Ctrl+X

11) Start APF

CODE
# /usr/local/sbin/apf -s


You may or may not get output; if not, please let us know and we can advise as to what to do. If all goes well, go back to the command line. You now want to verify that everything works: you can still get into SSH, cPanel works, you can view a page, etc.

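12) If all works, edit the config file and change developer mode to 0. While developer mode is on, a cron job stops the firewall every 5 minutes, so the rules do not stay in place until you change it.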

CODE
# vi /etc/apf/conf.apf

Hit i to enter insert mode

CODE
Change
DEVM="1"
to
DEVM="0"

Save and quit
Hit 'esc' :wq 'enter'

13) Restart APF

CODE
# /usr/local/sbin/apf -r

APF is now installed and monitoring your server.
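
A pre-flight check for the values set in steps 7 to 12, added here as an example and not part of the original article or of APF. It catches a port list wrapped across lines and a missing SSH, cPanel or WHM port before you start the firewall. The function names are hypothetical, and it assumes SSH listens on port 22 as in the port list above.

```shell
# Added example: pre-flight check of /etc/apf/conf.apf before "apf -s".
# conf_get, has_port and apf_preflight are hypothetical helpers, not part of APF.

# Print the value of VAR="..." from the file; prints nothing if the variable
# is missing, empty, or its closing quote is not on the same line.
conf_get() {
    sed -n "s/^$1=\"\([^\"]*\)\"[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# True when port $1 is an exact entry in the comma-separated list $2.
has_port() {
    case ",$(printf '%s' "$2" | tr -d ' ')," in
        *",$1,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per finding; exit status is non-zero if any FAIL was found.
apf_preflight() {
    conf=$1; fails=0
    for var in IG_TCP_CPORTS IG_UDP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        if [ -z "$(conf_get "$var" "$conf")" ]; then
            echo "FAIL $var is missing, empty or wrapped across lines"
            fails=$((fails + 1))
        fi
    done
    tcp_in=$(conf_get IG_TCP_CPORTS "$conf")
    # 22 = SSH, 2083 = cPanel (SSL), 2087 = WHM (SSL): your ways back in.
    for port in 22 2083 2087; do
        if [ -n "$tcp_in" ] && ! has_port "$port" "$tcp_in"; then
            echo "FAIL inbound TCP $port is not in IG_TCP_CPORTS"
            fails=$((fails + 1))
        fi
    done
    [ "$(conf_get EGF "$conf")" = "1" ] || echo "WARN EGF is not 1: egress filtering is off"
    [ "$(conf_get DEVM "$conf")" = "0" ] || echo "WARN DEVM is not 0: developer mode is still on"
    [ "$fails" -eq 0 ]
}

# Usage: apf_preflight /etc/apf/conf.apf && /usr/local/sbin/apf -s
```

A WARN on DEVM is expected on the first start in step 11; it should be gone before the restart in step 13.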
