Restricting SSH access to a few IPs with the APF firewall
If you want to deny every IP from connecting to the shell/SSH service on your server and only allow one or a few selected addresses, APF (Advanced Policy Firewall) can do it with an allow list followed by a catch-all deny:
1) Login to the server
# cd /etc/apf
2) Edit the /etc/apf/allow_hosts.rules file
# vi /etc/apf/allow_hosts.rules
3) Scroll down past the last default comment line (the ones beginning with ##) and add the following below it:
tcp:in:d=22:s=YourIPHere
out:d=22:d=YourIPHere
The rule format is proto:flow:port:address. d=22 is the destination port, so you can repeat the same pair with another port number to restrict other services as well. The "out" line lets this server open SSH connections to that IP; it is needed because step 5 denies outbound SSH to everyone else.
4) Save the changes.
5) Edit the /etc/apf/deny_hosts.rules file
# vi /etc/apf/deny_hosts.rules
Scroll down past the last default ## comment and add the following below it (0/0 means any address):
tcp:in:d=22:s=0/0
out:d=22:d=0/0
6) Save the changes.
7) Restart APF so the new rules are loaded
# apf -r
Your server now only accepts SSH connections from the IPs you listed; APF evaluates allow_hosts.rules before deny_hosts.rules, which is why the specific allow entries win over the 0/0 deny. To allow more than one IP, repeat step 3) adding a new tcp and out line pair for each IP. Before restarting, keep your current SSH session open and test a fresh login from an allowed IP, because a typo in the address locks you out of the server. Also check DEVEL_MODE in /etc/apf/conf.apf: while it is set to "1" APF flushes its rules every five minutes, so the restriction silently disappears until you set it to "0". Remember that the out:d=22:d=0/0 deny also stops the server itself from opening SSH (and scp/rsync-over-SSH) sessions to any host other than the allowed IPs.
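The steps above, collected into a small POSIX shell script. This is an added example, not part of the original note or of the APF project: it writes the same allow and deny rule pairs for one port and any number of trusted IPs, skips entries that are already present so it can be re-run, and reads the APF directory from an APF_DIR variable (an assumption added for testing; on a real server it defaults to /etc/apf). The IP addresses shown in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original note or the APF project): append the
# allow/deny rule pairs from the how-to for one TCP port and a list of trusted
# source IPs. APF_DIR is an assumption so the script can be tested against a
# scratch directory; real installs keep the files under /etc/apf.
APF_DIR="${APF_DIR:-/etc/apf}"

# Print the allow_hosts.rules lines for one port and one IP: inbound to the
# port from the IP, and outbound from this host to the IP on that port.
allow_rules_for() {
    port="$1"; ip="$2"
    printf 'tcp:in:d=%s:s=%s\n' "$port" "$ip"
    printf 'out:d=%s:d=%s\n' "$port" "$ip"
}

# Print the deny_hosts.rules lines that block everyone else (0/0) on the port.
deny_rules_for() {
    port="$1"
    printf 'tcp:in:d=%s:s=0/0\n' "$port"
    printf 'out:d=%s:d=0/0\n' "$port"
}

# Append allow rules for every trusted IP, then the catch-all deny.
# Usage: restrict_port 22 203.0.113.10 198.51.100.7   (constructed addresses)
restrict_port() {
    port="$1"; shift
    allow="$APF_DIR/allow_hosts.rules"
    deny="$APF_DIR/deny_hosts.rules"
    for ip in "$@"; do
        # Skip IPs already listed so re-running the script stays idempotent.
        if ! grep -q "tcp:in:d=$port:s=$ip\$" "$allow" 2>/dev/null; then
            allow_rules_for "$port" "$ip" >> "$allow"
        fi
    done
    if ! grep -q "tcp:in:d=$port:s=0/0\$" "$deny" 2>/dev/null; then
        deny_rules_for "$port" >> "$deny"
    fi
}

# Number of trusted source IPs allowed on a port; check this is non-zero
# before restarting APF, otherwise the deny rule locks everyone out.
count_allowed() {
    grep -c "^tcp:in:d=$1:s=" "$APF_DIR/allow_hosts.rules" 2>/dev/null || true
}

# Run only when a port and at least one IP are given on the command line.
if [ $# -ge 2 ]; then
    restrict_port "$@"
    echo "$(count_allowed "$1") IP(s) allowed on port $1; run 'apf -r' to apply"
fi
```

After `apf -r`, confirm the result from the allowed host and from a second, non-allowed host if you have one; `iptables -nL INPUT | grep 'dpt:22'` on the server shows the resulting ACCEPT and DROP rules for port 22.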
---------------------------------------------------------------------
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
Listening TCP ports:
1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.