How to Install APF Firewall on a VPS Server?
Paul on April 26th, 2010
When it comes to security you need to be cautious, because hacking attempts go on constantly on the Internet. Without a firewall, nobody's data on any type of server is secure. When you opt for dedicated hosting or VPS hosting, make sure you install APF (Advanced Policy Firewall) on your server in order to protect your website data from various DoS attacks.
Installing the APF firewall doesn't take much time; it is very easy to set up and activate. Below are the simple steps to install the APF firewall on your VPS server.
First, on the hardware node, define which iptables modules should be available to the VEs.
Edit /etc/sysconfig/iptables-config:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Edit /etc/sysconfig/vz:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Please note: the iptables modules in the IPTABLES parameter in /etc/sysconfig/vz must be placed on one single line; no line breaks are allowed in this parameter.
Restart the vz service. All VEs will be restarted.
service vz restart
Increase the 'numiptent' parameter for the VE in which you need to install APF. This parameter limits the number of iptables rules available to a VE. The default APF configuration requires ~200 rules. Let's set it to 400 (101 here is the ID of the VE):
vzctl set 101 --numiptent 400 --save
Inside the VE (VPS):
Install APF inside the VE as usual.
Edit /etc/apf/conf.apf, set the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
Start APF inside the VE:
/etc/init.d/apf start
You can use the same steps to install BFD on your server.
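The settings from the steps above can be verified before APF is started. The shell functions below are an added example, not part of the original post and not code from APF or OpenVZ; the function names and the sample data in demo() are constructed, and check_numiptent assumes the /proc/user_beancounters column order (resource, held, maxheld, barrier, limit, failcnt).

```sh
# Added example: function names and the demo() data are constructed for illustration.
# Modules the article lists for IPTABLES= in /etc/sysconfig/vz:
REQUIRED_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

# check_vz_modules FILE: the IPTABLES= value must open and close its straight
# double quotes on one line (a wrapped value or typographic quotes pasted from
# a web page fail here) and must name every required module.
check_vz_modules() {
    line=$(sed -n '/^IPTABLES=/{p;q;}' "$1")
    [ -n "$line" ] || { echo "IPTABLES= not set"; return 1; }
    case $line in
        IPTABLES=\"*\") ;;
        *) echo "IPTABLES value is not one straight-quoted line"; return 1 ;;
    esac
    value=${line#IPTABLES=\"}; value=${value%\"}
    rc=0
    for m in $REQUIRED_MODULES; do
        case " $value " in
            *" $m "*) ;;
            *) echo "missing module: $m"; rc=1 ;;
        esac
    done
    return $rc
}

# check_numiptent FILE MIN: numiptent limit (4th column after the name) must be >= MIN.
check_numiptent() {
    limit=$(awk '{for(i=1;i<=NF;i++) if($i=="numiptent"){print $(i+4); exit}}' "$1")
    [ -n "$limit" ] || { echo "numiptent not found"; return 1; }
    [ "$limit" -ge "$2" ] || { echo "numiptent limit $limit is below $2"; return 1; }
}

# check_apf_conf FILE: the three values the article sets in /etc/apf/conf.apf.
check_apf_conf() {
    rc=0
    for want in 'IFACE_IN="venet0"' 'IFACE_OUT="venet0"' 'SET_MONOKERN="1"'; do
        grep -q "^$want" "$1" || { echo "expected $want"; rc=1; }
    done
    return $rc
}

# demo: run all three checks on constructed sample files (not real host data).
demo() {
    demo_dir=$(mktemp -d)
    printf 'IPTABLES="%s"\n' "$REQUIRED_MODULES" > "$demo_dir/vz"
    printf '   numiptent   10   10   400   400   0\n' > "$demo_dir/ubc"
    printf 'IFACE_IN="venet0"\nIFACE_OUT="venet0"\nSET_MONOKERN="1"\n' > "$demo_dir/conf.apf"
    check_vz_modules "$demo_dir/vz" && check_numiptent "$demo_dir/ubc" 400 && check_apf_conf "$demo_dir/conf.apf"
    demo_rc=$?; rm -rf "$demo_dir"; return $demo_rc
}
```

On a real system, run check_vz_modules /etc/sysconfig/vz on the hardware node, and check_numiptent /proc/user_beancounters 400 and check_apf_conf /etc/apf/conf.apf inside the VE.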

