APF (Advanced Policy Firewall) is a policy-based iptables firewall that is very useful for blocking DDoS attacks on heavily trafficked servers. The problem is that when our developers and testers work on the same server, APF ends up denying all traffic from their static IPs. This is a major headache in most cases.
1. Opening a port in the APF firewall
Edit the file "/etc/apf/conf.apf", find the "IG_TCP_CPORTS" entry and add the ports to be opened to its comma-separated list.
A sample entry looks like this; here the port 9091 has been added:
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,9091,5222"
Then restart the firewall so the new port list is loaded (apf -r flushes and reloads all rules):
[root@host.mydomain.com] ~ >> apf -r
2. Trusting our IPs in the APF firewall
Add our IP information to "/etc/apf/allow_hosts.rules" and restart APF again (apf -r) so the new rules are loaded. A bare IP or CIDR range is trusted on every port; the proto:flow:d=port:s=host syntax shown in the file's own comments restricts the trust to a single port, which is the safer choice for wide ranges. A sample entry looks like this:
# inbound to destination port 22 from 192.168.2.1
# tcp:in:d=22:s=192.168.2.1
# outbound to destination port 23 to destination host 192.168.2.1
# out:d=23:d=192.168.2.1
# inbound to destination port 3306 from 192.168.5.0/24
# d=3306:s=192.168.5.0/24
# my IP ranges
69.16.222.0/24
64.91.239.0/26
187.68.0.0/16
129.16.23.96
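The two steps above are usually done by hand in an editor; the following shell functions do the same edits in a way that is safe to re-run (a port or host that is already present is not added twice, bad input is rejected). This is an added example and is not part of the original post or of the APF project. It assumes the file layout shown above (/etc/apf/conf.apf and /etc/apf/allow_hosts.rules); the paths can be overridden through the APF_CONF and APF_ALLOW variables so the functions can be tried against copies of the files first. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not APF's own code. Helpers to open a port in conf.apf and
# to trust a host in allow_hosts.rules without duplicating entries.
# Paths default to APF's files; override them to work on copies.
APF_CONF="${APF_CONF:-/etc/apf/conf.apf}"
APF_ALLOW="${APF_ALLOW:-/etc/apf/allow_hosts.rules}"

# Print the current IG_TCP_CPORTS list (the value between the quotes).
apf_get_cports() {
    sed -n 's/^IG_TCP_CPORTS="\(.*\)"$/\1/p' "$APF_CONF"
}

# Append a TCP port to IG_TCP_CPORTS unless it is already listed.
# Rejects anything that is not a number in 1..65535.
apf_open_port() {
    port="$1"
    case "$port" in
        ''|*[!0-9]*) echo "apf_open_port: bad port '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "apf_open_port: port $port out of range" >&2
        return 1
    fi
    current=$(apf_get_cports)
    case ",$current," in
        *",$port,"*) return 0 ;;        # already open, nothing to do
    esac
    if [ -z "$current" ]; then
        new="$port"
    else
        new="$current,$port"
    fi
    # Rewrite the whole IG_TCP_CPORTS line; write back through the existing
    # file so its ownership and permissions are kept.
    tmp=$(mktemp) || return 1
    sed "s/^IG_TCP_CPORTS=.*/IG_TCP_CPORTS=\"$new\"/" "$APF_CONF" > "$tmp" \
        && cat "$tmp" > "$APF_CONF"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Trust a host (IP or CIDR) on one inbound TCP port, using the
# tcp:in:d=PORT:s=HOST syntax from allow_hosts.rules, rather than a
# blanket allow that bypasses the firewall on every port.
apf_trust_host() {
    ip="$1"; port="$2"
    case "$ip" in
        ''|*[!0-9./]*) echo "apf_trust_host: bad address '$ip'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "apf_trust_host: bad port '$port'" >&2; return 1 ;;
    esac
    entry="tcp:in:d=$port:s=$ip"
    # -x matches the whole line, -F takes the entry literally.
    grep -qxF "$entry" "$APF_ALLOW" 2>/dev/null && return 0
    printf '%s\n' "$entry" >> "$APF_ALLOW"
}

# Typical use on the live box (both changes need a reload to take effect):
#   apf_open_port 9091
#   apf_trust_host 69.16.222.0/24 22
#   apf -r
```

Neither function reloads the firewall; run apf -r once after all edits, exactly as in the steps above. Running the functions twice with the same arguments leaves the files unchanged, which is what makes them safe to keep in a provisioning script.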