VPS APF Firewall Installation

Posted by: Admin  :  Category: Web Hosting

Linux Cpanel shared hosting: 600 GB disk space, 6 TB bandwidth, free domain, unlimited databases and ftp accounts, web hosting cheap and pro at Hostony

The following steps describe how to install APF in an OpenVZ or Virtuozzo VPS (VE).

On the main server:

1. First of all, you need to define which iptables modules should be available for VEs.

Edit /etc/sysconfig/iptables-config:

IPTABLES_MODULES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Edit /etc/sysconfig/vz:

IPTABLES="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

Please note: the iptables modules in the IPTABLES parameter in /etc/sysconfig/vz must be placed on one single line; no line breaks are allowed in this parameter.

Restart the vz service. All VEs will be restarted.

service vz restart

2. Increase the ‘numiptent’ parameter for the VE you need to install APF into. This parameter limits the number of iptables rules available to a VE. The default APF configuration requires ~200 rules. Let’s set it to 400 for VE 101:

vzctl set 101 --numiptent 400 --save

In the VE (VPS):

1. Install APF inside the VE as usual. Edit /etc/apf/conf.apf, set the following parameters:

IFACE_IN="venet0"
IFACE_OUT="venet0"
SET_MONOKERN="1"

2. Start APF inside the VE:

/etc/init.d/apf start

BTW, the BFD installation procedure is the same as on real servers.
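A pre-flight check for the settings above, added here as an example and not part of the original article: it confirms that the module list sits on one line in plain ASCII quotes (values pasted from a web page often carry typographic quotes) and that conf.apf holds the three VE values. The function names check_module_line and check_apf_conf are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the settings this article describes.
# File paths are arguments, so the checks can be run against copies first.

REQUIRED="ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp"

# check_module_line FILE KEY: KEY="..." must open and close on one line with
# plain ASCII quotes and list every module in REQUIRED.
check_module_line() {
    file=$1 key=$2 rc=0
    line=$(grep -E "^${key}=" "$file" | tail -n 1)
    [ -n "$line" ] || { echo "$file: $key is not set"; return 1; }
    case $line in
        "${key}=\""*"\"") ;;   # single line, ASCII quotes at both ends
        *) echo "$file: $key must be one line in plain double quotes"; return 1 ;;
    esac
    value=${line#*\"}; value=${value%\"}
    for m in $REQUIRED; do
        case " $value " in
            *" $m "*) ;;
            *) echo "$file: $key is missing $m"; rc=1 ;;
        esac
    done
    return $rc
}

# check_apf_conf FILE: the three conf.apf values set inside the VE.
check_apf_conf() {
    file=$1 rc=0
    for want in 'IFACE_IN="venet0"' 'IFACE_OUT="venet0"' 'SET_MONOKERN="1"'; do
        grep -Eq "^[[:space:]]*${want}[[:space:]]*(#.*)?\$" "$file" ||
            { echo "$file: expected $want"; rc=1; }
    done
    return $rc
}

# Constructed sample files (not taken from a real node) to exercise the checks.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'IPTABLES="%s"\n' "$REQUIRED" > "$demo/vz.good"
printf 'IPTABLES=\342\200\235%s\342\200\235\n' "$REQUIRED" > "$demo/vz.curly"
printf 'IPTABLES="ipt_REJECT ipt_tos\nipt_TOS ipt_LOG"\n' > "$demo/vz.wrapped"
printf 'IPTABLES="ipt_REJECT ipt_LOG iptable_filter"\n' > "$demo/vz.short"
printf 'IFACE_IN="venet0"\nIFACE_OUT="venet0"\nSET_MONOKERN="1"\n' > "$demo/apf.good"
printf 'IFACE_IN="eth0"\nIFACE_OUT="eth0"\nSET_MONOKERN="0"\n' > "$demo/apf.eth0"
for f in vz.good vz.curly vz.wrapped vz.short; do
    if check_module_line "$demo/$f" IPTABLES; then echo "$f: ok"; fi
done
for f in apf.good apf.eth0; do if check_apf_conf "$demo/$f"; then echo "$f: ok"; fi; done
```

On a real node, call check_module_line /etc/sysconfig/vz IPTABLES before restarting the vz service, and check_apf_conf /etc/apf/conf.apf inside the VE before starting APF.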
