Hello!

I'm running a dedicated web server and I'd like to use APF to block HTTP(S) access to certain PORTS from all IPs except mine.

Does anyone know how to do that?

Many thanks in advance!

All 3 Replies

I have never heard about APF until now but after reading their site:

"The technical side of APF is such that it utilizes the latest stable features from the iptables (netfilter) project to provide a very robust and powerful firewall."

Is using iptables directly a solution?

Based on these instructions:

http://www.webhostgear.com/406.html

1) Log in to your server as the root user.

2) cd /etc/apf

3) Use vi or nano or emacs to edit the /etc/apf/allow_hosts.rules file

e.g.: vi /etc/apf/allow_hosts.rules

4) Scroll down until after their last comment with the ##

Add the following in:

tcp:in:d=443:s=YOURHOMEIPHERE
out:d=443:d=YOURHOMEIPHERE

The d=443 part is the https port, so you can repeat for other services as well to limit connections if you like.

You must change YOURHOMEIPHERE to the IP address you want to let in. If this is going over the Internet you need to know your external IP address. Try http://www.ipaddressworld.com/ or some such service to see what your external IP address is.
e.g. 123.100.200.123

Save the changes.

5) Edit the /etc/apf/deny_hosts.rules file

e.g.: vi /etc/apf/deny_hosts.rules

Scroll down until the last default comment ## then below it add the following:

tcp:in:d=443:s=0/0
out:d=443:d=0/0

Save the changes.

6) Restart APF firewall
apf -r

commented: Great help provided :) +2
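
Steps 4 and 5 of the reply above, repeated for several ports, can be scripted. This is an added example, not part of the original reply or of APF itself: the function names and the APF_DIR override are assumptions made for illustration, and the rule strings are the ones quoted in the reply.

```shell
# Added example: write the allow/deny rule pairs from the answer for several ports.
# APF_DIR is a hypothetical override for dry runs; /etc/apf is the path from the answer.
APF_DIR="${APF_DIR:-/etc/apf}"

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Succeeds only for a port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Append a rule only if that exact line is not already in the file.
add_rule() {
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# restrict_ports ADMIN_IP PORT...: validate everything first, then write.
restrict_ports() {
    ip=$1; shift
    valid_ipv4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        add_rule "$APF_DIR/allow_hosts.rules" "tcp:in:d=$port:s=$ip"
        add_rule "$APF_DIR/allow_hosts.rules" "out:d=$port:d=$ip"
        add_rule "$APF_DIR/deny_hosts.rules"  "tcp:in:d=$port:s=0/0"
        add_rule "$APF_DIR/deny_hosts.rules"  "out:d=$port:d=0/0"
    done
}
```

Because every argument is validated before anything is written, a mistyped address or port leaves both rule files untouched. After the rules are in place, restart APF with `apf -r` as in step 6.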

Thank you sknake, but no, iptables directly was not an option.

Thank you babystrangeloop, that's it! :)
