APF Firewall and DDOS Deflate

[AnonImatOr]

 

 

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the ‘apf’ command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.

 

    APF is one of the best firewalls out there and is an important component in your server security. Every server should have a firewall installed !

 

    How to install APF

 

    Download the package and extract the files

    wget http://www.r-fx.ca/downloads/apf-current.tar.gz

    gzip -d apf-current.tar.gz

    tar -xf apf-current.tar

    cd apf-0.9.6-3/

 

    Do the actual install

    ./install.sh

 

    You will get something like

 

    Installing APF 0.9.6-3: Completed.

 

    Installation Details:

    Install path: /etc/apf/

    Config path: /etc/apf/conf.apf

    Executable path: /usr/local/sbin/apf

    AntiDos install path: /etc/apf/ad/

    AntiDos config path: /etc/apf/ad/conf.antidos

    DShield Client Parser: /etc/apf/extras/dshield/

 

    Other Details:

    Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306

    Listening UDP ports: 53

    Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

 

    If you get a failure about the creation of /etc/init.d/apf, you can add the following string too the bottom of the

    /etc/rc.local file:

 

    sh -c "/etc/apf/apf -s" &

 

 

    You have to configure the firewall now

    vi /etc/apf/conf.apf

 

    I will only show you the basic configuration. APF is a very powerful firewall and you should read every setting carefully.

    We will limit inbound access ports. Locate in the /etc/apf/conf.apf the section “IG_TCP_CPORTS” and use the fallowing lines:

 

    # Common inbound (ingress) TCP ports

    IG_TCP_CPORTS="21,22,25,53,80,110,143,443,587,783,993,995,2812,9876,10024,12525,60000"

 

    # Common inbound (ingress) UDP ports

    IG_UDP_CPORTS="20,21,53"

 

    NOTE! This is what I use for most servers and should also work well with your server but I provide no guarantee! If you have a custom ssh port or you run a server on a different port you should add that to IG_TCP_CPORTS or to IG_UDP_CPORTS.

 

    Now it’s time to test the configuration. Do a apf restart:

    /etc/apf/apf -r

 

 

    Now test to see if everything is ok and that you can access all your services just fine.

    If everything is ok proceed to next step. You for some reason you get locked out just wait about 5 minutes as the firewall is set in test mode and will flash itself out after that period.

    Go back and check all the settings and then restart apf again.

 

    Finalize the install

    If everything is ok after the initial tests you have to set APF into “production” mode.

    Edit /etc/apf/conf.apf and change DEVEL_MODE=”1″ to DEVEL_MODE=”0″

    Go ahead and restart apf one last time:

 

    /etc/apf/apf -r

 

    For more information about apf configuration please feel free to consult http://rfxnetworks.com/appdocs/README.apf

    Please note that APF has a very nice log that you can check. For example you can tail the last 10 rows for this files

 

    tail -10 /var/log/apf_log

 

    If you what to deny IP 1.2.3.4 you have to run the command:

 

    apf -d 1.2.3.4 RESON

 

    Unbanning an IP can by done by running:

 

    apf -u 1.2.3.4

 

    Also banning and unbanning can be done by editing the file /etc/apf/deny_hosts.rules

 

    vi /etc/apf/deny_hosts.rules

 

    After you do any changes don’t forget to restart APF

 

    /etc/apf/apf -r

[Frank]

To be honest, it is a bit strange...Haven't seen something like this before..

[AnonImatOr]

To be honest, it is a bit strange...Haven't seen something like this before..

 

yes but it work! if you want you can check it..

i dont know other way to protect server from ddos attacks..

mmocore is only for noobisherror but there are and some other programs around

[Intrepid]

God bless you someone who finally realised linux is The operating system for lineage server!Thanks :)

[Frank]

Hmmm...So hide it! 100+ posts!

[AnonImatOr]

np :) i hope i help... cuz i dont like when someone ddos smth that someone alse try hard to make it

 

thats why i dont hide it ..

everybody can see it and fix it

[Intrepid]

np :) i hope i help... cuz i dont like when someone ddos smth that someone alse try hard to make it

 

most of the server which suffer ddos attack run with windows anyway :)

[AnonImatOr]

most of the server which suffer ddos attack run with windows anyway :)

 

if i learn a way for windows cause i need it too for my server be sure i will post it in all forums!

 

[Street-Gamer]

w00w thats cool.. thanks a lot.

[AnonImatOr]

w00w thats cool.. thanks a lot.

 

as i can see on your sing you are l2j developer.. maybe you know some ways to protect l2j server from ddos attacks windows

[Intrepid]

as i can see on your sing you are l2j developer.. maybe you know some ways to protect l2j server from ddos attacks windows

 

no hes just a wannabe credit stealer ignore him :)

 

BTW for the newbies you could maybe add the registering command part to the guide? :)

you know for the wget gzip tar :)

[AnonImatOr]

yes but this is not for newbies 1stly cause newbies server is fail and beter that hackers close them:) im joking.. and secondly they cant do this . to do ityou need some xp