10 APF (Advanced Policy Firewall) commands in Linux – Simple usage

Protecting a server with iptables (Linux’s basic firewall) is a little difficult for beginners compared with firewall applications like CSF or APF. We discussed the installation and configuration of CSF on a Linux server in one of our previous blog articles.

Here I am going to explain APF (Advanced Policy Firewall), another powerful firewall configuration tool for Linux. APF commands are quite different from CSF’s and comparatively fewer in number. After reading this you will have a clear idea of how to use the APF commands from the shell.

APF: Advanced Policy Firewall is a policy-based firewall for Unix/Linux systems. The installation and configuration of APF are already discussed in our previous post. Read this blog post >> How to install APF? << for the APF installation steps. Here I’m discussing some commonly used APF commands.

Useful APF commands

On a server with APF you manage the firewall through the shell. The commands explained below are very helpful and easy to understand.

1. Command to start apf

# apf -s

2. Command to restart apf

# apf -r

3. Command to stop/flush apf

# apf -f

4. Command to list all firewall rules.

# apf -l

5. Command to output firewall status log.

# apf -t

6. To refresh & resolve dns names in trust rules.

# apf -e

7. To output all configuration options.

# apf -o

Example

# apf -o
---
APF version 9.7 <[email protected]>
Copyright (C) 2002-2011, R-fx Networks <[email protected]>
Copyright (C) 2011, Ryan MacDonald <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL

DEVEL_MODE "0"
INSTALL_PATH "/etc/apf"
IFACE_IN "eth0"
IFACE_OUT "eth0"
IFACE_TRUSTED ""
SET_VERBOSE "1"
SET_FASTLOAD "0"
---

8. To remove a host from [glob]*_hosts.rules and immediately remove the rule from the firewall.

# apf -u IP

9. White-list an IP address:

# apf -a IP
or
edit /etc/apf/allow_hosts.rules

Always restart apf after white-listing an IP in apf.

10. For blocking an IP in apf

# apf -d IP
or
edit /etc/apf/deny_hosts.rules

Don’t forget to restart apf after this.
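
A guard around the apf -d IP command from step 10, as an added example that is not part of the original post or of APF itself: it refuses to block a malformed address, the client address of the current SSH session, or an address already present in the allow or deny file. The function names, the APF_BIN, ALLOW_FILE and DENY_FILE variables, and the plain one-address-per-line matching are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): lockout guard for "apf -d IP".
APF_BIN="${APF_BIN:-apf}"   # assumption: apf is on PATH; override for dry runs
ALLOW_FILE="${ALLOW_FILE:-/etc/apf/allow_hosts.rules}"
DENY_FILE="${DENY_FILE:-/etc/apf/deny_hosts.rules}"

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed if rules file $1 has an uncommented line equal to address $2.
# Only plain single-address entries are matched, not CIDR ranges or
# port-specific rules.
listed_in() {
    [ -r "$1" ] || return 1
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -Fxq -- "$2"
}

# Block $1 with "apf -d" unless that is clearly a mistake.
# Returns: 0 blocked, 2 invalid address, 3 own SSH client,
#          4 white-listed, 5 already denied.
safe_deny() {
    ip=$1
    me=${SSH_CLIENT:-}; me=${me%% *}   # OpenSSH: "client_ip client_port server_port"
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    if [ -n "$me" ] && [ "$ip" = "$me" ]; then
        echo "refusing: $ip is the client of this SSH session" >&2; return 3
    fi
    if listed_in "$ALLOW_FILE" "$ip"; then
        echo "refusing: $ip is white-listed in $ALLOW_FILE" >&2; return 4
    fi
    if listed_in "$DENY_FILE" "$ip"; then
        echo "$ip is already listed in $DENY_FILE" >&2; return 5
    fi
    "$APF_BIN" -d "$ip"
}
```

Setting APF_BIN=echo prints the apf command that would run instead of executing it, which is a safe way to try the guard on a live server.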
That’s it 🙂

Related Posts:
1, CSF installation.
2, CSF commands.


Arunlal A
