Latest revision as of 23:51, 23 October 2014
Firewalls
APF
Basic usage options
usage: /usr/local/sbin/apf [OPTION]
Most of the time you can use just the following: apf [OPTION]
-s|--start ......................... load firewall policies
-r|--restart ....................... flush & load firewall
-f|--flush|--stop .................. flush firewall
-l|--list .......................... list chain rules
-st|--status ....................... firewall status
-a HOST CMT|--allow HOST COMMENT ... add host (IP/FQDN) to allow_hosts.rules and immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .... add host (IP/FQDN) to deny_hosts.rules and immediately load new rule into firewall
To remove an IP from the firewall
You have to manually edit the file below and then restart apf.
vi /etc/apf/deny_hosts.rules
/etc/init.d/apf restart
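As an added example (not from the original page or the APF project), the manual edit can be scripted so that only the exact host entry is removed and a backup of the rules file is kept. The function name apf_remove_host and the "# added <host> ..." comment format are assumptions; APF still has to be restarted afterwards.

```shell
#!/bin/sh
# Added example: remove one host from an APF-style rules file by exact match.
# Assumed file format: one host per line, optional "#" comment lines, and an
# assumed "# added <host> ..." comment line in front of entries added by apf -d.

# apf_remove_host FILE HOST
# Returns 0 if an entry was removed, 1 if HOST was not listed, 2 on bad usage.
apf_remove_host() {
    rules_file=$1
    host=$2
    [ -n "$rules_file" ] && [ -n "$host" ] && [ -f "$rules_file" ] || return 2

    # Whole-line, fixed-string match: 10.0.0.1 must not match 10.0.0.10,
    # and the dots must not act as regex wildcards.
    grep -qxF -- "$host" "$rules_file" || return 1

    # Keep a copy to roll back to if the wrong entry was removed.
    cp -p -- "$rules_file" "$rules_file.bak" || return 2

    # Drop the exact host line and its "# added <host> " comment, keep the rest.
    awk -v h="$host" '
        $0 == h { next }
        index($0, "# added " h " ") == 1 { next }
        { print }
    ' "$rules_file.bak" > "$rules_file"
}

# Typical use (192.0.2.10 is a constructed sample address):
#   apf_remove_host /etc/apf/deny_hosts.rules 192.0.2.10 && /etc/init.d/apf restart
```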
To whitelist an IP in the firewall
Do the following.
apf -a (ip here)
/etc/init.d/apf restart
Or the manual way
vi /etc/apf/allow_hosts.rules
/etc/init.d/apf restart
Starting APF:Unable to load iptables module (ipt_state), aborting.
vi /etc/apf/conf.apf
Find the line that sets SET_MONOKERN and change its value to 1.
/etc/init.d/apf restart
CSF
Iptables
BFD
# of attempts
vi /usr/local/bfd/conf.bfd