APF Firewall -Advanced Policy Firewall - Basics

From Brian Nelson Ramblings
Jump to: navigation, search

APF Firewall -Advanced Policy Firewall - Basics

Advanced Policy Firewall, or APF, is a firewall is widely used on web servers running CentOS. It is basically an interface to iptables, which is the standard interface to managing network ports on Linux machines. Interacting with iptables can be complex and error-prone, and APF greatly simplifies working with it.

All of the APF configuration files are located in the /etc/apf folder on your server. Within this folder the allow_hosts.rules file contains all of the IP addresses that are whitelisted for the server and the deny_hosts.rules file contains all of the IPs that are being blocked by the firewall.

How to block an ipaddress with APF

This can be done in two ways

Edit the /etc/apf/deny_hosts.rules

vim /etc/apf/deny_hosts.rules

Then added the ipaddress you wish to block at the bottom of the file

Block Via the Command Line

The fastest way to block and ipaddress is by the command line

apf -d <ipaddress>

After making any adjustments to the apf, make sure to restart it

apf -r

How to Allow an ipaddress with APF

Sometimes, you will have the need to whitelist and ipaddress and again this can be done in two ways.

Edit the /etc/apf/allow_hosts.rules

vim /etc/apf/allow_hosts.rules

Then added the ipaddress you wish to whitelist at the bottom of the file

Allow Via the Command Line

Again, fastest way to allow an ipaddress is via the command line

apf -a <ipaddress>

After making any adjustments to the apf, make sure to restart it

apf -r

Other Handy APF commands via the CLI

Starting apf...

apf -s

Restarting apf...

apf -r 

Stopping and flushing the rules from the firewall...

apf -f

List all firewall rules...

apf -l

Check the output firewall status...

apf -t

Remove an Ipaddress from deny and allow...

apf -u <ipaddress>

Remember to always restart apf after making changes to the rules!!!