A firewall is essential for the security of any server. Below are the steps to set up APF (Advanced Policy Firewall) on your system to control access:

Download and install APF:

cd /usr/src
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -xvzf apf-current.tar.gz
cd apf-*
./install.sh

You will receive a message saying it has been installed, which will look something like this:

Installing APF 0.9.5-1: Completed.
Installation Details:
Install path:         /etc/apf/
Config path:          /etc/apf/conf.apf
Executable path:      /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path:  /etc/apf/ad/conf.antidos
DShield Client Parser:  /etc/apf/extras/dshield/

Now that APF is installed, it must be configured.

pico /etc/apf/conf.apf

Turn off development mode by setting the value of DEVEL_MODE to "0":

DEVEL_MODE="0"

Now locate this section:

# Common ingress (inbound) TCP ports

Remove the line directly below it, the one starting with IG_TCP_CPORTS=, and paste this line in its place:

IG_TCP_CPORTS="20,21,25,53,80,110,113,143,443,465,993,995,2049,2082,2083,2086,2087,2095,2089,2096,3306,6666,30000_35000"

Do the same for these sections (if necessary):

# Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53,32786,111,2049"
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF="0"

The above sections determine which inbound ports will be open to the public. If any software on your system requires a certain port to be open, add it to the list. It is recommended not to open any ports you don't need!

This next step is VERY important, or you may find yourself locked out of the server. After you edit the configuration file, open /etc/apf/allow_hosts.rules and add your IPs to the bottom of the file.

Once your IPs are added you can start up the firewall:

/etc/init.d/apf start
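The configuration and allow-list steps above, plus the port-list editing described under the IG_TCP_CPORTS section, as an added shell example that is not part of the original post and not APF's own code. It edits a throwaway copy of conf.apf rather than the live file, validates the port lists (single ports and lo_hi ranges as APF writes them), adds the admin IP to allow_hosts.rules once, and runs a lock-out preflight that refuses to proceed unless either the SSH port is in IG_TCP_CPORTS or the admin IP is in the allow file. Note that the IG_TCP_CPORTS list given in the post does not contain port 22, so on such a host SSH access depends entirely on the allow_hosts.rules entry; the preflight makes that dependency explicit. The admin IP 203.0.113.10 and the sample conf.apf contents are constructed for the demo; on a real host the conf and allow paths would be /etc/apf/conf.apf and /etc/apf/allow_hosts.rules.

```shell
#!/bin/sh
# Added example, not part of the original post or of the APF project.
# Applies the post's settings to a config file and runs a lock-out
# preflight before anything would start the firewall. Paths, the admin IP
# and the sample conf.apf content are constructed for the demo.
set -eu

# Set NAME="VALUE" in conf.apf, replacing the existing line or appending one.
apf_set_var() {
  conf=$1; name=$2; value=$3
  if grep -q "^${name}=" "$conf"; then
    tmp=$(mktemp)
    sed "s|^${name}=.*|${name}=\"${value}\"|" "$conf" > "$tmp" && mv "$tmp" "$conf"
  else
    printf '%s="%s"\n' "$name" "$value" >> "$conf"
  fi
}

# Print the unquoted value of NAME from conf.apf (empty if absent).
apf_get_var() {
  grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# Validate an APF port list: comma-separated ports or lo_hi ranges, 1-65535.
apf_check_ports() {
  old_ifs=$IFS; IFS=,; set -- $1; IFS=$old_ifs
  for tok in "$@"; do
    case $tok in
      *_*) lo=${tok%_*}; hi=${tok#*_} ;;
      *)   lo=$tok; hi=$tok ;;
    esac
    case "$lo$hi" in ''|*[!0-9]*) return 1 ;; esac
    if [ "$lo" -lt 1 ] || [ "$hi" -gt 65535 ] || [ "$lo" -gt "$hi" ]; then
      return 1
    fi
  done
  return 0
}

# Succeed if PORT is covered by an already validated port list, ranges included.
apf_port_listed() {
  port=$2
  old_ifs=$IFS; IFS=,; set -- $1; IFS=$old_ifs
  for tok in "$@"; do
    case $tok in
      *_*) lo=${tok%_*}; hi=${tok#*_} ;;
      *)   lo=$tok; hi=$tok ;;
    esac
    if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
      return 0
    fi
  done
  return 1
}

# Add IP to allow_hosts.rules exactly once (the step the post calls VERY important).
apf_allow_host() {
  if ! grep -qxF "$2" "$1"; then
    printf '%s\n' "$2" >> "$1"
  fi
}

# Lock-out preflight: refuse on a malformed port list, and refuse unless the
# SSH port is in IG_TCP_CPORTS or the admin IP is in the allow file.
apf_preflight() {
  conf=$1; allow=$2; admin_ip=$3; ssh_port=$4
  ports=$(apf_get_var "$conf" IG_TCP_CPORTS)
  if ! apf_check_ports "$ports"; then
    echo "preflight: malformed IG_TCP_CPORTS: $ports" >&2; return 1
  fi
  if apf_port_listed "$ports" "$ssh_port" || grep -qxF "$admin_ip" "$allow"; then
    return 0
  fi
  echo "preflight: port $ssh_port not open and $admin_ip not in $allow" >&2
  return 1
}

# Demo on a throwaway copy of the config; returns 0 when everything behaves as expected.
apf_demo() {
  dir=$(mktemp -d); conf=$dir/conf.apf; allow=$dir/allow_hosts.rules
  # Constructed stand-in for a fresh conf.apf (not the file APF ships).
  printf 'DEVEL_MODE="1"\n# Common ingress (inbound) TCP ports\nIG_TCP_CPORTS="22"\nEGF="0"\n' > "$conf"
  : > "$allow"
  apf_set_var "$conf" DEVEL_MODE 0
  apf_set_var "$conf" IG_TCP_CPORTS "20,21,25,53,80,110,113,143,443,465,993,995,2049,2082,2083,2086,2087,2095,2089,2096,3306,6666,30000_35000"
  apf_set_var "$conf" IG_UDP_CPORTS "53,32786,111,2049"
  [ "$(apf_get_var "$conf" DEVEL_MODE)" = 0 ] || return 1
  # The post's list has no port 22, so until the admin IP is allowed the
  # preflight must refuse; 203.0.113.10 is a constructed (TEST-NET-3) address.
  if apf_preflight "$conf" "$allow" 203.0.113.10 22 2>/dev/null; then return 1; fi
  apf_allow_host "$allow" 203.0.113.10
  apf_preflight "$conf" "$allow" 203.0.113.10 22 || return 1
  rm -rf "$dir"
  return 0   # a real run would only now do: /etc/init.d/apf start
}

apf_demo && echo "preflight passed; safe to run /etc/init.d/apf start"
```

Run it as a normal user; it never touches /etc/apf. To use it on a real host, replace the constructed conf and allow paths in apf_demo with the live files and keep the order shown: edit conf.apf, add your IP, run the preflight, and only then start the firewall.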

One Response to “Installing APF (Advanced Policy Firewall)”

  1. v-nessa.net » Moving Towards PCI Compliance with cPanel Says:

    […] to run effectively. Manually configuring iptables is a pain in the ass, so I recommend using APF or CSF (if you have cPanel) and then configuring the allow rules to only allow ports for active […]
