Installing and configuring APF (Linux security)

Advanced Policy Firewall (APF) is, like (D)DoS Deflate, iptables-based firewall software for Linux. APF is a powerful firewall that is nevertheless easy to install and configure.

Installing APF
Type the following into shell:

cd /usr/local/src
wget http://rfxnetworks.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-0.*
./install.sh

After the installation finishes you will see a message such as:

Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880

This is only example output; these ports are not configured automatically. You have to configure the firewall manually.

Configuring APF

Open the configuration file in an editor:

pico /etc/apf/conf.apf

First, enable development mode in the firewall configuration file: find DEVEL_MODE and set its value to 1.

Enabling ingress filtering

Find the line # Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD in the configuration file. On the next line, list all the ports to which you want to apply ingress filtering, for example:

IG_TCP_CPORTS="21,22,25,53,80,110,143"

Enabling egress filtering

Find the line # Egress filtering [0 = Disabled / 1 = Enabled]. To enable egress filtering, set EGF="1", then list the ports where egress filtering will be applied. For example:

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

Configuring Anti DOS

AntiDOS is a new feature of APF, meant to protect your system from Denial of Service attacks. The configuration file is located at /etc/apf/ and the log file at /var/log/apfados_log.

Find USE_AD and set it to 1. Now make the machine run AntiDOS every 2 minutes. Running it more often is not recommended because it will create a bottleneck, and running it at intervals of more than 5 minutes will most likely defeat its purpose, so 2 minutes is the optimal setting. The cron entry is:

*/2 * * * * /etc/apf/ad/antidos -a > /dev/null 2>&1

You should also make APF start at boot time with chkconfig --level 2345 apf on

After you have finished configuring the firewall, restart it with apf -r.

Now disable the development mode again by setting DEVEL_MODE to 0.

Start the firewall with /usr/local/sbin/apf -s
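
A pre-flight check for the settings edited above, as an added example that is not part of the original guide or of APF itself. The function names are hypothetical, and the accepted port-list syntax (comma-separated ports, low_high ranges) is assumed from the 3000_3500 range in the config comment. It also catches typographic quotes pasted into the file in place of plain double quotes.

```sh
# Added example (not part of APF): audit the conf.apf settings this guide edits.
# Function names are hypothetical. Usage: apf_conf_audit /etc/apf/conf.apf

# Print the value assigned to KEY ($2) in FILE ($1); the last assignment wins.
# Only plain double quotes are stripped, so pasted curly quotes stay visible.
apf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Return 0 if $1 is a well-formed port list: comma-separated ports, optional
# low_high ranges (assumed syntax), every number within 1..65535.
apf_valid_ports() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(_[0-9]+)?(,[0-9]+(_[0-9]+)?)*$' || return 1
    for p in $(printf '%s' "$1" | tr ',_' '  '); do
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
}

# Audit FILE ($1): print one finding per line, return the number of findings.
apf_conf_audit() {
    conf=$1
    findings=0
    [ "$(apf_get "$conf" DEVEL_MODE)" = "0" ] || {
        echo "DEVEL_MODE is not 0 (development mode still enabled)"
        findings=$((findings + 1))
    }
    [ "$(apf_get "$conf" EGF)" = "1" ] || {
        echo "EGF is not 1 (egress filtering disabled)"
        findings=$((findings + 1))
    }
    for key in IG_TCP_CPORTS EG_TCP_CPORTS EG_UDP_CPORTS; do
        val=$(apf_get "$conf" "$key")
        apf_valid_ports "$val" || {
            echo "$key has a missing or malformed port list: '$val'"
            findings=$((findings + 1))
        }
    done
    return "$findings"
}
```

Run it after setting DEVEL_MODE back to 0 and before apf -s; a return status of 0 means none of the checked settings was flagged.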

 

 






