
Hello!

I'm running a dedicated web server and I'd like to use APF to block HTTP(S) access to certain PORTS from all IPs except from mine.

Does anyone know how to do that?

Many thanks in advance!


I have never heard about APF until now but after reading their site:

"The technical side of APF is such that it utilizes the latest stable features from the iptables (netfilter) project to provide a very robust and powerful firewall."

Is using iptables directly a solution?


Based on these instructions:

http://www.webhostgear.com/406.html

1) Login to your server as the root user.

2) cd /etc/apf

3) Use vi or nano or emacs to edit the /etc/apf/allow_hosts.rules file

e.g.: vi /etc/apf/allow_hosts.rules

4) Scroll down until after their last comment with the ##

Add the following in:

tcp:in:d=443:s=YOURHOMEIPHERE
out:d=443:d=YOURHOMEIPHERE

The d=443 part is the https port, so you can repeat for other services as well to limit connections if you like.

You must change YOURHOMEIPHERE to the IP address you want to let in. If this is going over the Internet you need to know your external IP address. Try http://www.ipaddressworld.com/ or some such service to see what your external IP address is.
e.g. 123.100.200.123

Save the changes.

5) Edit the /etc/apf/deny_hosts.rules file
e.g.: vi /etc/apf/deny_hosts.rules

Scroll down until the last default comment ## then below it add the following:

tcp:in:d=443:s=0/0
out:d=443:d=0/0

Save the changes.

6) Restart APF firewall
apf -r

Votes + Comments
Great help provided :)
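
An added example (not part of the answer above and not APF's own code): a shell function that reads the two rule files from steps 3 and 5 and reports, for each inbound port denied to 0/0, which source addresses are still let in, so a missing allow entry shows up before the firewall is restarted. The sample file contents and the address 203.0.113.10 are constructed, and treating a rule with no flow token as inbound is an assumption.

```shell
#!/bin/sh
# Added example: offline audit of APF trust rules written in the
# proto:flow:d=PORT:s=IP form used in the steps above.

apf_port_audit() {
    # $1 = allow rules file, $2 = deny rules file
    awk -F: '
    /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
    {
        flow = "in"; port = ""; src = ""  # assumption: no flow token means inbound
        for (i = 1; i <= NF; i++) {
            if ($i == "in" || $i == "out")            flow = $i
            else if ($i ~ /^d=[0-9]+$/ && port == "") port = substr($i, 3)
            else if ($i ~ /^s=/)                      src  = substr($i, 3)
        }
        if (flow != "in" || port == "" || src == "") next
        if (FILENAME == ARGV[1]) allowed[port] = allowed[port] " " src
        else if (src == "0/0")   denied[port] = 1
    }
    END {
        for (p in denied) {
            if (p in allowed) { print "port " p ": open only to" allowed[p] }
            else { print "port " p ": closed to everyone, no allow entry" }
        }
    }' "$1" "$2" | sort
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files; 203.0.113.10 is a documentation address.
    cat > "$dir/allow_hosts.rules" <<'EOF'
## constructed sample
tcp:in:d=443:s=203.0.113.10
out:d=443:d=203.0.113.10
EOF
    cat > "$dir/deny_hosts.rules" <<'EOF'
## constructed sample
tcp:in:d=443:s=0/0
out:d=443:d=0/0
tcp:in:d=8443:s=0/0
EOF
    apf_port_audit "$dir/allow_hosts.rules" "$dir/deny_hosts.rules"
    rm -rf "$dir"
}

demo
```

On the server, point the function at /etc/apf/allow_hosts.rules and /etc/apf/deny_hosts.rules before running apf -r.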

Thank you sknake, but no, iptables directly was not an option.

Thank you babystrangeloop, that's it! :)
