Firewalls: Difference between revisions
Jump to navigation
Jump to search
Created page with '= Firewalls = == APF == Basic usage options usage /usr/local/sbin/apf [OPTION] most of the time can use just the following: apf [OPTION] -s|--start ......................…' |
m 3 revisions |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
== APF == | == APF == | ||
Basic usage options | ===== Basic usage options ===== | ||
usage /usr/local/sbin/apf [OPTION] | usage /usr/local/sbin/apf [OPTION] | ||
| Line 16: | Line 16: | ||
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall | -d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall | ||
To remove a ip from the firewall you have to manually edit the below file and then restart apf. | ===== To remove a ip from the firewall ===== | ||
you have to manually edit the below file and then restart apf. | |||
vi /etc/apf/deny_hosts.rules | vi /etc/apf/deny_hosts.rules | ||
/etc/init.d/apf restart | /etc/init.d/apf restart | ||
To whitelist a ip from the firewall do the following. | ===== To whitelist a ip from the firewall ===== | ||
do the following. | |||
apf -a (ip here) | apf -a (ip here) | ||
/etc/init.d/apf restart | /etc/init.d/apf restart | ||
| Line 26: | Line 28: | ||
vi /etc/apf/allow_hosts.rules | vi /etc/apf/allow_hosts.rules | ||
/etc/init.d/apf restart | /etc/init.d/apf restart | ||
Latest revision as of 23:51, 23 October 2014
Firewalls
APF
Basic usage options
usage /usr/local/sbin/apf [OPTION] most of the time can use just the following: apf [OPTION]
-s|--start ......................... load firewall policies -r|--restart ....................... flush & load firewall -f|--flush|--stop .................. flush firewall -l|--list .......................... list chain rules -st|--status ....................... firewall status -a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and immediately load new rule into firewall -d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall
To remove a ip from the firewall
you have to manually edit the below file and then restart apf.
vi /etc/apf/deny_hosts.rules /etc/init.d/apf restart
To whitelist a ip from the firewall
do the following.
apf -a (ip here) /etc/init.d/apf restart
Or the manual way
vi /etc/apf/allow_hosts.rules /etc/init.d/apf restart
Starting APF:Unable to load iptables module (ipt_state), aborting.
vi /etc/apf/conf.apf
Find the line that says SET_MONOKERN and change it to 1
/etc/init.d/apf restart
CSF
Iptables
BFD
# of attemps
vi /usr/local/bfd/conf.bfd