There is one main firewall script I use everywhere. It is extremely simple to use and installs quickly.
Advanced Policy Firewall (APF)
Simple Settings for Configuring APF
My preferred text editor is vim; use nano or whatever else you prefer, and substitute it for vi in the commands below.
vi /etc/apf/conf.apf
This is the config file. As a sysadmin, I hate wasting time typing things out and therefore love being able to type “vi /etc/apf/conf” and then press Tab to finish the command for me. Well named, guys.
DEVEL_MODE
Be familiar with DEVEL_MODE: you need to have it turned off for production operations. With it turned on, your firewall rules will be flushed every 5 minutes. It’s designed for you to test that your settings work, but if you lock yourself out you’ll get access back in 5 minutes’ time.
IFACE_IN / IFACE_OUT
If you’re using a virtual machine, you may have something other than eth0. Be sure to change it to the untrusted or public network interface.
SET_MONOKERN
If you install APF on a virtual machine, VPS, VE (virtual environment), or whatever you want to call it, and you don’t have access to the kernel, you might have to change this to 1 for it to work.
SYSCTL_SYNCOOKIES
This will turn on SYN cookies for you, which can help mitigate SYN flood denial-of-service attacks.
IG_TCP_CPORTS
The permitted inbound TCP ports. Very important. Basically, put in all the port numbers you want to be publicly open, for example HTTP (80) and DNS (53). If you want to allow access from certain IP addresses only, rather than the whole world, don’t include those ports here.
IG_UDP_CPORTS
The permitted inbound UDP ports. I see FTP (21) and DNS (52) in these a lot; I don’t think it is necessary though.
IG_ICMP_TYPES
Internet Control Message Protocol (ICMP), commonly called ping (the ping command uses this protocol to test connections). Each ICMP type corresponds to a number, which you can permit or block. Read about the types and what they mean on Wikipedia; I’m not going into them. The idea is that you can block ping on your server: if an attacker pings you to see if your host is online, the request will time out, and they might move on.
EGF
“Outbound (egress) filtering”. Set to 0 (disabled) by default. It allows you to filter outbound connections from your server, and it is the master on/off switch for the feature.
EG_TCP_CPORTS
Outbound TCP Ports to allow.
EG_UDP_CPORTS
Outbound UDP ports to allow.
EG_ICMP_TYPES
Outbound ICMP or ping types to allow. Again, read about the types on Wikipedia rather than having me go into them.
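As an added example (not part of this post or of APF itself), here is a small POSIX shell pre-flight script that reads the settings above from conf.apf and warns about the values that bite in practice: DEVEL_MODE left on, an empty IFACE_IN, SYN cookies off, the SSH port missing from IG_TCP_CPORTS, and egress filtering enabled without outbound DNS. The SSH port argument and the constructed sample config are assumptions.

```shell
#!/bin/sh
# apf_preflight.sh: sanity-check a conf.apf before running "apf -r". Added
# example, not APF's own code; it only reads the file and prints WARN lines.
# apf_get KEY FILE -> value of the last KEY="value" line, quotes stripped
apf_get() {
    grep "^[[:space:]]*$1=" "$2" | tail -n 1 | cut -d= -f2- | tr -d '"'
}
# port_listed PORT LIST -> true if PORT is in "22,80,30000_35000" (APF ranges use _)
port_listed() {
    p=$1; old_ifs=$IFS; IFS=,; set -- $2; IFS=$old_ifs
    for item; do
        case $item in
            *_*) [ "$p" -ge "${item%_*}" ] && [ "$p" -le "${item#*_}" ] && return 0 ;;
            *)   [ "$item" = "$p" ] && return 0 ;;
        esac
    done
    return 1
}
# apf_check CONF SSH_PORT -> WARN lines, then "SUMMARY: N warning(s)"
apf_check() {
    conf=$1; ssh=${2:-22}; n=0
    warn() { echo "WARN: $*"; n=$((n + 1)); }
    [ "$(apf_get DEVEL_MODE "$conf")" = "0" ] ||
        warn "DEVEL_MODE is not 0: cron flushes the rules every 5 minutes"
    [ -n "$(apf_get IFACE_IN "$conf")" ] ||
        warn "IFACE_IN is empty: set it to the untrusted/public interface"
    [ "$(apf_get SYSCTL_SYNCOOKIES "$conf")" = "1" ] ||
        warn "SYSCTL_SYNCOOKIES is not 1: SYN cookies are off"
    port_listed "$ssh" "$(apf_get IG_TCP_CPORTS "$conf")" ||
        warn "SSH port $ssh is not in IG_TCP_CPORTS: you will lock yourself out"
    if [ "$(apf_get EGF "$conf")" = "1" ]; then
        port_listed 53 "$(apf_get EG_UDP_CPORTS "$conf")" ||
            warn "EGF=1 but UDP 53 is not in EG_UDP_CPORTS: DNS lookups will fail"
    fi
    echo "SUMMARY: $n warning(s)"
}
# Constructed sample: a VPS conf.apf still in its testing state
sample=$(mktemp)
cat > "$sample" <<'EOF'
DEVEL_MODE="1"
IFACE_IN="eth0"
SYSCTL_SYNCOOKIES="0"
IG_TCP_CPORTS="80,443"
EGF="1"
EG_UDP_CPORTS=""
EOF
apf_check "$sample" 22   # 4 WARN lines, then "SUMMARY: 4 warning(s)"
rm -f "$sample"
```

Run it against the real file with `sh apf_preflight.sh` after editing the sample path, or call `apf_check /etc/apf/conf.apf 22` from your own script; a clean run ends with zero warnings.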
Other Firewalls – CSF (ConfigServer Security & Firewall)
If you use a cPanel server, CSF (ConfigServer Security & Firewall) is very popular and integrates with Web Host Manager (WHM). I’m not going to talk about it here, but check out the feature list and download it at the developer’s website, ConfigServer.