Secure & Harden CentOS VPS Server (Install APF Firewall)

Install APF (Advanced Firewall Policy)

APF works on top of iptables, so you must make sure iptables is installed.

You can check the status of iptables with the command:

service iptables status

and install it with the command:

yum install 'iptables*' -y

Now you can download & install APF

wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-9*
./install.sh

Open the configuration file for editing:

nano -w /etc/apf/conf.apf

All the options are well commented. You can either leave them at their default values or make them more stringent. Ideally, you should change:

– RAB="0" to RAB="1"
– RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3"
– DLIST_PHP="0" to DLIST_PHP="1"
– DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1"
– DLIST_DSHIELD="0" to DLIST_DSHIELD="1"

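In HELPER_SSH_PORT="22" you must change the port number if you changed it in the sshd_config file.

A similar change has to be made in IG_TCP_CPORTS="22", so that the new SSH port is in the list of allowed inbound TCP ports.

Change the testing flag DEVEL_MODE="1" to DEVEL_MODE="0". With DEVEL_MODE="1" a cron job flushes the firewall every 5 minutes, which protects you from locking yourself out; set it to "0" only once the SSH port settings above are correct.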

Restart the APF Firewall

/usr/local/sbin/apf -r

and enable it to start on booting the server

chkconfig --add apf
chkconfig --level 345 apf on
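
The following is an added example, not part of the original post: a bash audit that checks conf.apf for the values recommended above and confirms that HELPER_SSH_PORT and IG_TCP_CPORTS agree with the Port set in sshd_config. The function names (conf_get, sshd_port, apf_audit) are hypothetical, and /etc/ssh/sshd_config is an assumed default path.

```bash
#!/usr/bin/env bash
# Added example: audit an APF config against the settings recommended above.
# Usage (after sourcing): apf_audit [conf.apf] [sshd_config]

# Read VAR="value" from a shell-style config; the last assignment wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Effective sshd port: first uncommented Port directive, default 22.
sshd_port() {
    local p
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1" 2>/dev/null) || true
    echo "${p:-22}"
}

apf_audit() {
    local conf="${1:-/etc/apf/conf.apf}" sshd="${2:-/etc/ssh/sshd_config}"
    local findings=0 pair var want got port
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    for pair in RAB=1 RAB_PSCAN_LEVEL=3 DLIST_PHP=1 DLIST_SPAMHAUS=1 \
                DLIST_DSHIELD=1 DEVEL_MODE=0; do
        var=${pair%%=*}; want=${pair#*=}
        got=$(conf_get "$conf" "$var")
        if [ "$got" != "$want" ]; then
            echo "FINDING: $var is \"$got\", expected \"$want\""
            findings=$((findings + 1))
        fi
    done

    port=$(sshd_port "$sshd")
    got=$(conf_get "$conf" HELPER_SSH_PORT)
    if [ "$got" != "$port" ]; then
        echo "FINDING: HELPER_SSH_PORT is \"$got\", sshd listens on $port"
        findings=$((findings + 1))
    fi
    # IG_TCP_CPORTS is comma-separated; port ranges are not expanded here.
    case ",$(conf_get "$conf" IG_TCP_CPORTS)," in
        *",$port,"*) ;;
        *) echo "FINDING: IG_TCP_CPORTS does not allow SSH port $port"
           findings=$((findings + 1)) ;;
    esac
    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}
```

Run apf_audit before the restart step: a non-zero exit status means at least one setting differs from the list above or the SSH port would not be allowed in.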
