APF
Revision as of 23:50, 2 May 2010 (Sunday)
APF is a free firewall commonly used on Linux servers.
APF installation
- Download the APF source
# wget http://www.rfxn.com/downloads/apf-current.tar.gz
- Unpack it
# tar -xvzf apf-current.tar.gz
- Enter the APF directory
# cd apf-0.9.7-1/   (or whatever the latest version's directory is)
- Run the install script
# ./install.sh
APF configuration
Edit the configuration file:
# vi /etc/apf/conf.apf
Port settings (ingress)
- Settings for cPanel
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306,6666"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="21,53,465,873"
- Settings for the DirectAdmin panel
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,111,143,443,587,953,2222,3306,32769"
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53,111,631,724,5353,32768,32809"
Let APF filter outbound (egress) traffic
Change EGF="0" to EGF="1"
- Tell APF what ports to monitor:
# Common egress (outbound) TCP ports (for cPanel servers)
EG_TCP_CPORTS="21,22,25,26,37,43,53,80,110,113,443,465,873,2089,3306"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,465,873"
# Common ICMP (outbound) types
# 'internals/icmp.types' for type definition; 'all' is wildcard for any
EG_ICMP_TYPES="all"
- Save your changes (in pico: Ctrl+X, then press Y)
- Start APF:
# /usr/local/sbin/apf -s
- If everything works, edit the config file and turn developer mode off:
# pico /etc/apf/conf.apf
Change DEVM="1" to DEVM="0". While DEVM="1", a cron job flushes the firewall rules every five minutes so that a bad rule set cannot lock you out for long; leave it on until you have confirmed you can still reach the server.
Restart APF
# /usr/local/sbin/apf -r
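Before starting the firewall it is worth checking that the IG_*/EG_* port lists in conf.apf are well formed: a merged entry such as "587953" (two ports with the comma lost) is not a port at all, and a quiet failure here means the service you meant to open stays closed. The following POSIX sh check is an added example written for this page; it is not part of APF. The sample lists are constructed (the DirectAdmin ingress list with and without the bad entry), and check_conf_var assumes the VAR="..." line format shown above.

```shell
#!/bin/sh
# Added example (not APF's own code): validate APF port lists before "apf -s".

# Constructed sample lists: DirectAdmin ingress TCP ports, broken and fixed.
BAD_LIST="21,22,25,53,80,110,111,143,443,587953,2222,3306,32769"
GOOD_LIST="21,22,25,53,80,110,111,143,443,587,953,2222,3306,32769"

# valid_port: succeeds if $1 is a plain integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# check_port_list LIST: takes a comma-separated APF port list and prints every
# entry that is neither a valid port nor a valid low_high range; fails if any
# such entry was found.
check_port_list() {
    rc=0
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        case "$entry" in
            *_*)   # APF range notation, e.g. 30000_35000
                lo=${entry%%_*}
                hi=${entry#*_}
                if ! valid_port "$lo" || ! valid_port "$hi" || [ "$lo" -gt "$hi" ]; then
                    echo "invalid range: $entry"
                    rc=1
                fi
                ;;
            *)
                if ! valid_port "$entry"; then
                    echo "invalid port: $entry"
                    rc=1
                fi
                ;;
        esac
    done
    return $rc
}

# check_conf_var CONF VAR: pull VAR="..." out of a conf.apf-style file (stray
# spaces inside the quotes, as in the cPanel snippet, are dropped) and check it.
check_conf_var() {
    conf=$1
    var=$2
    value=$(sed -n "s/^$var=\"\([^\"]*\)\".*/\1/p" "$conf" | tr -d ' ')
    [ -n "$value" ] || { echo "$var not set in $conf"; return 1; }
    check_port_list "$value"
}

# Stand-alone demonstration on the constructed lists.
check_port_list "$GOOD_LIST" && echo "good list: ok"
check_port_list "$BAD_LIST" || echo "bad list: rejected"
```

Run it against the live file with `check_conf_var /etc/apf/conf.apf IG_TCP_CPORTS` (and likewise for IG_UDP_CPORTS, EG_TCP_CPORTS and EG_UDP_CPORTS) before `apf -s`; a non-zero exit means at least one entry would not be applied as intended.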
Viewing the APF log
View the log with:
tail -f /var/log/apf_log
The output looks like this:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123
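Watching the log scroll by with tail -f does not tell you what the firewall currently thinks about a given address, or which addresses keep getting re-blocked. The functions below are an added example for this page, not APF's own tooling; they read apf_log lines of the format shown above. The sample log text is constructed: it repeats the two lines from the page and adds two further constructed deny events for 203.0.113.7.

```shell
#!/bin/sh
# Added example (not APF's own code): summarize (insert) deny/allow events in apf_log.

# Constructed sample log lines in the format shown above.
SAMPLE_LOG='Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123
Aug 23 02:10:02 ocean apf(32500): (insert) deny all to/from 203.0.113.7
Aug 23 02:15:40 ocean apf(32511): (insert) deny all to/from 203.0.113.7'

# Field layout of one line: $6 is "(insert)", $7 is deny|allow, $NF is the address.

# summarize_apf_log LOGTEXT: one line per "ACTION IP COUNT", sorted.
summarize_apf_log() {
    printf '%s\n' "$1" | awk '
        $6 == "(insert)" && ($7 == "deny" || $7 == "allow") { n[$7 " " $NF]++ }
        END { for (k in n) print k, n[k] }' | sort
}

# last_action_for LOGTEXT IP: the most recent deny/allow recorded for IP,
# or "none" if the address never appears.
last_action_for() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        $6 == "(insert)" && $NF == ip { act = $7 }
        END { print (act == "" ? "none" : act) }'
}

# repeat_offenders LOGTEXT: addresses denied more than once, i.e. a block rule
# that keeps being re-added (typically by a brute-force detector feeding apf -d).
repeat_offenders() {
    summarize_apf_log "$1" | awk '$1 == "deny" && $3 > 1 { print $2 }'
}

# Stand-alone demonstration on the constructed log.
summarize_apf_log "$SAMPLE_LOG"
echo "185.14.157.123 is currently: $(last_action_for "$SAMPLE_LOG" 185.14.157.123)"
echo "repeat offenders: $(repeat_offenders "$SAMPLE_LOG")"
```

On a real host pass the file contents, e.g. `last_action_for "$(cat /var/log/apf_log)" 185.14.157.123`; because later lines override earlier ones, the answer reflects the last rule APF inserted for that address.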
Starting APF automatically with the server
To have APF start automatically with the server, run:
chkconfig --level 2345 apf on
To disable automatic startup, run:
chkconfig --del apf
Blocking an IP with APF
An IP can be blocked in either of two ways.
- Using the command:
/etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> -d means deny (block) the IP
> IPHERE is the IP address to block
> COMMENTHERENOSPACES is a comment recording why the IP was blocked
The rule is loaded into the firewall immediately.
Example:
./apf -d 185.14.157.123 TESTING
vi /etc/apf/deny_hosts.rules
The file now contains the additional lines:
# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123
- By editing the file deny_hosts.rules:
vi /etc/apf/deny_hosts.rules
Then add the IP addresses to filter to this file. APF must be reloaded for the change to take effect:
/etc/apf/apf -r
Allowing an IP (unblocking)
You added an IP and now you need it removed right away. Blocked IPs have to be removed from deny_hosts.rules by hand.
A) pico /etc/apf/deny_hosts.rules
Find where the IP is listed and remove the line that has the IP. After this is done, save the file and reload APF to make the new changes active:
/etc/apf/apf -r
B) If the IP isn't already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules:
/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTHERENOSPACES is a comment recording why the IP is being allowed
These rules are loaded right away into the firewall, so they are instantly active.
Example:
./apf -a 185.14.157.123 UNBLOCKING
pico /etc/apf/allow_hosts.rules
# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123
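The two sections above leave a trap: running `apf -d` and then `apf -a` for the same address, exactly as in the examples, puts it in both deny_hosts.rules and allow_hosts.rules, which is why the text insists that blocked entries be removed by hand. The script below is an added example for this page, not part of APF; it parses the three-line entry format shown above, lists what is blocked and when, and reports addresses that appear in both files. The two sample files are constructed from the page's entries plus one further constructed deny entry.

```shell
#!/bin/sh
# Added example (not APF's own code): audit deny_hosts.rules and allow_hosts.rules.

# Constructed sample file contents in the format apf -d / apf -a write.
SAMPLE_DENY='# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123
# added 203.0.113.7 on 08/24/05 10:02:11
# BRUTEFORCE
203.0.113.7'

SAMPLE_ALLOW='# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123'

# list_entries FILE: prints "IP DATE TIME COMMENT" for every active entry.
# The "# added ... on DATE TIME" line carries the timestamp, the next comment
# line carries the reason, and the uncommented line is the rule itself.
list_entries() {
    awk '
        /^# added / { date = $5; time = $6; comment = ""; next }
        /^#/        { comment = $0; sub(/^# */, "", comment); next }
        /^[0-9]/    { print $1, date, time, comment }' "$1"
}

# is_listed FILE IP: succeeds if IP has an active (uncommented, whole-line) entry.
# -x and -F avoid "." in the address matching any character.
is_listed() {
    grep -qxF "$2" "$1"
}

# conflicts DENYFILE ALLOWFILE: addresses that are both denied and allowed.
conflicts() {
    cat "$1" "$2" | grep '^[0-9]' | sort | uniq -d
}

# Stand-alone demonstration: write the constructed samples to temporary files.
deny_tmp=$(mktemp)
allow_tmp=$(mktemp)
printf '%s\n' "$SAMPLE_DENY" > "$deny_tmp"
printf '%s\n' "$SAMPLE_ALLOW" > "$allow_tmp"
echo "blocked entries:"
list_entries "$deny_tmp"
echo "in both deny and allow lists:"
conflicts "$deny_tmp" "$allow_tmp"
rm -f "$deny_tmp" "$allow_tmp"
```

On a live host run `conflicts /etc/apf/deny_hosts.rules /etc/apf/allow_hosts.rules` after any unblocking; an address it prints should be removed from deny_hosts.rules (together with its two comment lines) followed by `apf -r`, otherwise which rule wins depends on the order in which APF loads the two files rather than on what you intended.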
Custom iptables commands in APF
There are two configuration files under /etc/apf, postroute.rules and preroute.rules. Put iptables POSTROUTING and PREROUTING rules into the corresponding file and APF will load them automatically at startup; this is how NAT forwarding is implemented. Other custom iptables commands can be written directly into /etc/apf/firewall.
Common APF commands
apf -s # start the APF firewall
apf -r # restart the APF firewall
apf -f # flush the APF firewall rules
apf -l # list the APF configuration, similar to iptables -nL
apf -st # APF statistics, mainly allow-list (white list) and deny-list (black list) information
apf -a IP/range(FQDN) "comment" # add an IP/range to the allow list
apf -d IP/range(FQDN) "comment" # add an IP/range to the deny list
apf -u IP/range # remove an IP/range from the allow or deny list