Difference between revisions of "Installing Advanced Policy Firewall and Brute Force Detection"
Revision as of 11:33, 21 April 2025
Install Required Packages
If the server does not have the required packages, here is what you need.
Before installing APF and BFD, install essential packages:
sudo apt update && sudo apt install wget curl tar unzip -y
Install APF (Advanced Policy Firewall)
cd /usr/local/src
sudo wget https://www.rfxn.com/downloads/apf-current.tar.gz
sudo tar -xzf apf-current.tar.gz
cd apf-*/   # trailing slash: match only the extracted directory, not the tarball
sudo ./install.sh
Configure APF
Edit the main config file:
sudo nano /etc/apf/conf.apf
Key options to tweak:
DEVEL_MODE="1": change to "0" after confirming the firewall works. While it is set to "1", a cron job stops the firewall every 5 minutes, so a bad rule set cannot lock you out during testing.
IG_TCP_CPORTS: Incoming TCP ports you want open (e.g., 22,80,443,21).
IG_UDP_CPORTS: Incoming UDP ports (e.g., 53 for DNS).
EGF="1": Enables egress filtering (optional, advanced setups).
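A pre-flight check for the options above, as an added example that is not part of the original page or of APF itself: it reads a conf.apf-style file and confirms that the port your SSH session uses is covered by IG_TCP_CPORTS before you restart the firewall. The function names, the sample config and port 2222 are constructed for illustration, and the underscore notation for port ranges (e.g. 6000_7000) is an assumption about APF's list format.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of a conf.apf-style file before restarting APF.

# Print the value of KEY="value" from the file (last assignment wins).
conf_get() {
    sed -n "s/^[[:space:]]*$1=\"\([^\"]*\)\".*/\1/p" "$2" | tail -n 1
}

# Return 0 if port $1 is covered by the comma-separated list $2.
# Assumption: ranges use APF's underscore notation, e.g. 6000_7000.
port_allowed() {
    local port="$1" entry lo hi
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        case $entry in
            *_*) lo=${entry%%_*}; hi=${entry##*_}
                 [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ] && return 0 ;;
            *)   [ "$entry" = "$port" ] && return 0 ;;
        esac
    done
    return 1
}

# Usage: apf_preflight CONF SSH_PORT. Returns non-zero when a restart would
# leave SSH_PORT closed, i.e. when a remote admin risks a lockout.
apf_preflight() {
    local conf="$1" ssh_port="$2" ports devel
    ports=$(conf_get IG_TCP_CPORTS "$conf")
    devel=$(conf_get DEVEL_MODE "$conf")
    if ! port_allowed "$ssh_port" "$ports"; then
        echo "RISK: port $ssh_port is not in IG_TCP_CPORTS=\"$ports\""
        return 1
    fi
    echo "OK: port $ssh_port is open (DEVEL_MODE=\"$devel\")"
    [ "$devel" = "0" ] || echo "NOTE: set DEVEL_MODE=\"0\" once the rules are confirmed"
}

# Constructed sample config (not from a real server): SSH listens on 2222.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="80,443,2200_2299"
IG_UDP_CPORTS="53"
EOF
apf_preflight "$sample" 2222        # covered by the range 2200_2299
apf_preflight "$sample" 22 || true  # 22 is not listed: lockout risk
```

On a real host, call apf_preflight with /etc/apf/conf.apf and the port your sshd listens on before running apf -r.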
Start APF
sudo /usr/local/sbin/apf -r
To test that it's working and not locking you out (important if remote):
sudo /usr/local/sbin/apf --status
Once confirmed:
sudo nano /etc/apf/conf.apf
# Set: DEVEL_MODE="0"
sudo /usr/local/sbin/apf -r
Enable APF at boot:
sudo systemctl enable apf
Install BFD (Brute Force Detection)
Download and Install
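cd /usr/local/src
sudo wget https://www.rfxn.com/downloads/bfd-current.tar.gz
sudo tar -xzf bfd-current.tar.gz
cd bfd-*/   # trailing slash: match only the extracted directory, not the tarball
sudo ./install.sh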
Configure BFD
Edit the config file:
sudo nano /usr/local/bfd/conf.bfd
Recommended settings:
EMAIL_ALERTS="1"
EMAIL_ADDRESS="your@email.com"
TRIG="20" (number of failed attempts before blocking)
Optional: edit rules in /usr/local/bfd/rules/ (e.g., sshd, pure-ftpd, etc.).
Save and exit.