Tag: apf
How do I install APF firewall into the VE?
by dino on Apr.01, 2010, under Virtuozzo
The installation of APF requires some additional steps to be taken on the hardware node.
1. First of all, you should define which iptables modules are available for VEs.
Edit the /etc/sysconfig/iptables-config file on the Virtuozzo hardware node:
IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Edit the /etc/sysconfig/vz file on the Virtuozzo hardware node:
IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"
Please note: the iptables module lists in the IPTABLES and IPTABLES_MODULES parameters in /etc/sysconfig/vz and /etc/sysconfig/iptables-config must each be on a single line; no line breaks are allowed in these parameters.
Restart Virtuozzo. All VEs will be restarted.
# service vz restart
2. Increase the ‘numiptent’ parameter for the VE you need to install APF into. This parameter limits the number of iptables rules available to a VE. The default APF configuration requires ~400 rules. Let's set it to 400 in the example below for VE #101:
# vzctl set 101 --numiptent 400 --save
3. Install APF inside the VE. Edit /etc/apf/conf.apf inside the VE and set the following parameters:
IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"
4. Start APF inside the VE:
# /etc/init.d/apf start
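An added example (not part of the original post): a pre-flight check for step 1 that confirms IPTABLES and IPTABLES_MODULES each sit on a single line, and that both name the same modules as they do in the post, before Virtuozzo is restarted. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight check for step 1.
# The sample files below are constructed; on a real hardware node pass
# /etc/sysconfig/vz and /etc/sysconfig/iptables-config instead.

# check_single_line FILE VAR -> 0 ok, 1 value broken across lines, 2 VAR missing
check_single_line() {
    line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | sed 's/[[:space:]]*$//')
    [ -n "$line" ] || return 2
    case ${line#*=} in
        \"*\") return 0 ;;   # opening and closing quote on the same line
        *)     return 1 ;;   # closing quote is on a later line (or missing)
    esac
}

# module_list FILE VAR -> module names from the assignment line, sorted, one per line
module_list() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 |
        sed -e 's/^[^=]*=//' -e 's/"//g' | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u
}

# same_modules FILE_A VAR_A FILE_B VAR_B -> 0 if both lists name the same modules
same_modules() {
    [ "$(module_list "$1" "$2")" = "$(module_list "$3" "$4")" ]
}

demo=$(mktemp -d)
# Constructed sample: correct single-line value
printf '%s\n' 'IPTABLES_MODULES="ipt_REJECT ipt_LOG ip_conntrack ipt_state iptable_filter"' > "$demo/iptables-config"
# Constructed sample: value wrapped after the first module
printf '%s\n' 'IPTABLES="ipt_REJECT' 'ipt_LOG ip_conntrack ipt_state iptable_filter"' > "$demo/vz"

for pair in "iptables-config IPTABLES_MODULES" "vz IPTABLES"; do
    set -- $pair
    if check_single_line "$demo/$1" "$2"; then
        echo "$1: $2 is on one line"
    else
        echo "$1: $2 is wrapped or missing, fix before 'service vz restart'"
    fi
done
if ! same_modules "$demo/iptables-config" IPTABLES_MODULES "$demo/vz" IPTABLES; then
    echo "module lists differ between the two files"
fi
rm -rf "$demo"
```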
Uninstall APF
by dino on Jan.24, 2010, under Basics, Command Line, cPanel, DirectAdmin
Sometimes we may need to remove APF from the server. Here is a guide that shows how to remove APF completely from the server.
Stop the firewall first
service apf stop
/bin/rm -rfv /etc/apf
Remove the cron for APF
/bin/rm -fv /etc/cron.daily/fw
/bin/rm -fv /etc/init.d/apf
Lastly, disable APF at startup
chkconfig apf off
This should remove APF completely from the server as we removed the APF daemon, cron and files.
APF installation error on VPS : unable to load iptables module (ip_tables), aborting.
by dino on Sep.29, 2008, under Virtuozzo
While installing APF on your VPS, you get the following error:
apf(28442): {glob} status log not found, created
apf(28463): {glob} flushing & zeroing chain policies
apf(28463): {glob} firewall offline
apf(28500): {glob} activating firewall
apf(28551): {glob} unable to load iptables module (ip_tables), aborting.
apf(28500): {glob} firewall initalized
apf(28500): {glob} !!DEVELOPMENT MODE ENABLED!! – firewall will flush every 5 minutes.
You need to configure APF for your VPS.
nano -w /etc/apf/conf.apf
modify
to
Restart APF
apf -r
Now you will be able to complete the APF installation without errors.
cPanel required ports list
by dino on Jul.05, 2008, under Uncategorized
| Port | Service | Protocol | Direction | Notes |
|---|---|---|---|---|
| 20 | ftp | tcp | inbound/outbound | |
| 21 | ftp | tcp,udp | inbound/outbound | |
| 22 | ssh | tcp | inbound | |
| 25 | smtp | tcp | inbound/outbound | |
| 26 | smtp | tcp | inbound/outbound | |
| 37 | rdate | tcp | outbound | |
| 43 | whois | tcp | outbound | |
| 53 | DNS | tcp/udp | inbound/outbound | Inbound only needed if you run your own DNS server |
| 80 | http | tcp | inbound/outbound | |
| 110 | pop3 | tcp | inbound | |
| 113 | ident | tcp | outbound | |
| 143 | imap4 | tcp | inbound | |
| 443 | https | tcp | inbound | |
| 465 | smtp | tcp/ssl, tcp/udp | inbound/outbound | |
| 873 | rsync | tcp/udp | outbound | |
| 993 | imap4 | ssl tcp | inbound | |
| 995 | pop3 | ssl tcp | inbound | |
| 2082 | cpanel | tcp | inbound | |
| 2083 | cpanel | ssl tcp | inbound | |
| 2086 | whm | tcp | inbound | |
| 2087 | whm ssl | tcp | inbound | |
| 2089 | cp license | tcp | outbound | |
| 2095 | webmail | tcp | inbound | |
| 2096 | webmail | ssl tcp | inbound | |
| 3306 | mysql | tcp | inbound | Only if you need to connect remotely |
| 6666 | chat | tcp | inbound | |
