APF Firewall -Advanced Policy Firewall - Basics

APF Firewall -Advanced Policy Firewall - Basics

Advanced Policy Firewall, or APF, is a firewall is widely used on web servers running CentOS. It is basically an interface to iptables, which is the standard interface to managing network ports on Linux machines. Interacting with iptables can be complex and error-prone, and APF greatly simplifies working with it.

All of the APF configuration files are located in the /etc/apf folder on your server. Within this folder the allow_hosts.rules file contains all of the IP addresses that are whitelisted for the server and the deny_hosts.rules file contains all of the IPs that are being blocked by the firewall.

How to block an ipaddress with APF

This can be done in two ways

Edit the /etc/apf/deny_hosts.rules

vim /etc/apf/deny_hosts.rules

Then added the ipaddress you wish to block at the bottom of the file

Block Via the Command Line

The fastest way to block and ipaddress is by the command line

apf -d <ipaddress>

After making any adjustments to the apf, make sure to restart it

apf -r

How to Allow an ipaddress with APF

Sometimes, you will have the need to whitelist and ipaddress and again this can be done in two ways.

Edit the /etc/apf/allow_hosts.rules

vim /etc/apf/allow_hosts.rules

Then added the ipaddress you wish to whitelist at the bottom of the file

Allow Via the Command Line

Again, fastest way to allow an ipaddress is via the command line

apf -a <ipaddress>

After making any adjustments to the apf, make sure to restart it

apf -r

Other Handy APF commands via the CLI

Starting apf...

apf -s

Restarting apf...

apf -r 

Stopping and flushing the rules from the firewall...

apf -f

List all firewall rules...

apf -l

Check the output firewall status...

apf -t

Remove an Ipaddress from deny and allow...

apf -u <ipaddress>

Remember to always restart apf after making changes to the rules!!!

 
 
 
 
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

OpenVPN Tutorial For Debian/Ubuntu on OpenVZ

What is OpenVPN?OpenVPN is a reliable and well tested VPN solution that is able to run over a...

How do I SSH into my VPS? (OS X/Terminal)

If you are on a Mac, SSH-ing into your VPS is very simple. Simply launch "Terminal" by going to...

How do I SSH into my VPS? (Windows/Putty)

This article will teach you how to access your server via SSH using the PuTTY client on Windows....

Install Remi and EPEL yum repo Centos 7

Install Yum EPEL and Remi repositories on Centos 7 Adding additional useful repo's on Centos 6...

Install PHP/PHP-FPM 5.4 Centos 7

Install PHP/PHP-FPM 5.4 on Centos 7 PHP is a server-side scripting language designed for web...