APF Firewall -Advanced Policy Firewall - Basics
Advanced Policy Firewall, or APF, is a firewall is widely used on web servers running CentOS. It is basically an interface to iptables, which is the standard interface to managing network ports on Linux machines. Interacting with iptables can be complex and error-prone, and APF greatly simplifies working with it.
All of the APF configuration files are located in the /etc/apf folder on your server. Within this folder the allow_hosts.rules file contains all of the IP addresses that are whitelisted for the server and the deny_hosts.rules file contains all of the IPs that are being blocked by the firewall.
How to block an ipaddress with APF
This can be done in two ways
Edit the /etc/apf/deny_hosts.rules
vim /etc/apf/deny_hosts.rules
Then added the ipaddress you wish to block at the bottom of the file
Block Via the Command Line
The fastest way to block and ipaddress is by the command line
apf -d <ipaddress>
After making any adjustments to the apf, make sure to restart it
apf -r
How to Allow an ipaddress with APF
Sometimes, you will have the need to whitelist and ipaddress and again this can be done in two ways.
Edit the /etc/apf/allow_hosts.rules
vim /etc/apf/allow_hosts.rules
Then added the ipaddress you wish to whitelist at the bottom of the file
Allow Via the Command Line
Again, fastest way to allow an ipaddress is via the command line
apf -a <ipaddress>
After making any adjustments to the apf, make sure to restart it
apf -r
Other Handy APF commands via the CLI
Starting apf...
apf -s
Restarting apf...
apf -r
Stopping and flushing the rules from the firewall...
apf -f
List all firewall rules...
apf -l
Check the output firewall status...
apf -t
Remove an Ipaddress from deny and allow...
apf -u <ipaddress>
Remember to always restart apf after making changes to the rules!!!