
Blog About Dedicated Servers


Antidos via APF Firewall

Luigi Ramone | 15 December, 2005 21:30

Antidos is a really nice feature of the APF firewall, but it's not automatically turned on when you install and run APF.

First, make sure APF has been running cleanly for a few days and that your own IP address is listed in /etc/apf/allow_hosts.rules, so you can't lock yourself out. You also want to know how to reach the EV1 remote console (from your EV1 account manager), just in case you do lock yourself out.

To be even safer, let's set DEVEL_MODE to "1" (on) while we work, and set USE_AD to "1" to enable antidos. Find and edit these:

pico -w /etc/apf/conf.apf

DEVEL_MODE="1"

USE_AD="1"

apf -r

With DEVEL_MODE on, APF stops itself five minutes after each start, so a bad rule can't keep you locked out for long. Don't forget to set DEVEL_MODE back when everything is OK!

The flip side is that your server is not firewalled after those five minutes. If you are under attack right now, this is not a good thing to enable.

If you installed APF with the normal installer, most of the antidos settings should already be OK. We only need to change a few things; find and change these:

pico -w /etc/apf/ad/conf.antidos

LP_KLOG="1"
IPT_BL="1"

USR_ALERT="1"
USER="root"
ARIN_ALERT="1"

You can test run it manually (it's just a shell script):

/etc/apf/ad/antidos -a

It prints nothing if the config file and your system checked out. On the first run it also creates an empty log file at:

/var/log/apfados_log

Antidos must be run from cron. This is the critical setup point: without the cron entry, antidos simply never runs. If you have "crontab -e" set up, use that; some control panels also let you edit root's crontab from the panel.

Here's an example line, I added this to my root crontab:

*/2 * * * * /etc/apf/ad/antidos -a > /dev/null 2>&1

This runs antidos every two minutes. The author of antidos doesn't recommend running it every minute, as the runs can pile up on each other and load the CPU. Running it less often than every five minutes isn't recommended either: that leaves too long a gap between checks, so an attack goes unnoticed until the next run.

You can check to see if it's being run with something like this:

tail -30 /var/log/cron

Now restart apf again:

apf -r

Try to access a few of your sites and if you are not locked out and happy with everything you can set DEVEL_MODE to "0" (off) :

pico -w /etc/apf/conf.apf

DEVEL_MODE="0"

apf -r


At this point it would be nice to test to see if it actually works, I leave that up to you to figure out how or maybe someone else can post some ideas. I would be very careful, you don't want to DOS the wrong server.

If for some reason you find out it's locking the wrong people out and want to turn it off, take this line out of root cron:

*/2 * * * * /etc/apf/ad/antidos -a > /dev/null 2>&1

And blank out this file:

/etc/apf/ad/ad.rules

You can look in the log file (the same one created on the first run) to see what went wrong:

/var/log/apfados_log

And don't forget to restart apf:

apf -r
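The edits above (conf.apf, root's crontab, and the rollback) are all "open a file, change one line" steps. As an added example that is not part of the original post or of APF itself, here are small POSIX sh helpers that make those edits scriptable with sed instead of pico, and that refuse to turn USE_AD on unless the two safeguards the post asks for (your IP in allow_hosts.rules, DEVEL_MODE on) are in place. The function names and the preflight check are this example's own; the file paths and variable names are the ones used in the post. Every function takes the file to edit as an argument, so you can try it on a copy first; the demo at the bottom runs on constructed throwaway files, and 203.0.113.5 is a documentation address, not a real host.

```shell
#!/bin/sh
# Added example helpers for the APF/antidos how-to above (not APF's own code).
# All functions work on the file path you pass in, so they can be exercised on
# copies of /etc/apf/conf.apf and of root's crontab before touching the real ones.

# set_conf_var FILE NAME VALUE: set NAME="VALUE" in a NAME="value" style config.
# An existing assignment is rewritten in place; a missing one is appended.
set_conf_var() {
    file=$1; name=$2; value=$3
    tmp="$file.tmp.$$"
    if grep -q "^${name}=" "$file"; then
        sed "s|^${name}=.*|${name}=\"${value}\"|" "$file" > "$tmp" && mv "$tmp" "$file"
    else
        printf '%s="%s"\n' "$name" "$value" >> "$file"
    fi
}

# get_conf_var FILE NAME: print NAME's value with the surrounding quotes stripped.
get_conf_var() {
    sed -n "s|^${2}=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*|\1|p" "$1" | head -n 1
}

# host_allowed RULESFILE IP: succeed if IP is listed, as a whole line, in
# allow_hosts.rules (the post's "don't lock yourself out" check).
host_allowed() {
    grep -qxF "$2" "$1"
}

# add_cron_line CRONFILE LINE: append LINE unless an identical line is already there.
add_cron_line() {
    grep -qxF "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# remove_cron_line CRONFILE LINE: drop every line identical to LINE (the rollback step).
remove_cron_line() {
    tmp="$1.tmp.$$"
    grep -vxF "$2" "$1" > "$tmp" || true   # grep exits 1 when no lines are left
    mv "$tmp" "$1"
}

# preflight CONF RULES IP: refuse to proceed unless IP is whitelisted in RULES
# and DEVEL_MODE is "1" in CONF. Hypothetical check written for this example.
preflight() {
    host_allowed "$2" "$3" || { echo "refusing: $3 is not in $2" >&2; return 1; }
    [ "$(get_conf_var "$1" DEVEL_MODE)" = 1 ] \
        || { echo "refusing: DEVEL_MODE is not 1 in $1" >&2; return 1; }
}

# enable_antidos CONF RULES IP: the post's enable step, guarded by preflight.
# Restarting APF ("apf -r") is deliberately left to the operator.
enable_antidos() {
    preflight "$1" "$2" "$3" || return 1
    set_conf_var "$1" USE_AD 1
}

ANTIDOS_CRON='*/2 * * * * /etc/apf/ad/antidos -a > /dev/null 2>&1'

# Stand-alone demo on constructed sample files: "sh thisfile.sh demo"
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d)
    printf 'DEVEL_MODE="0"\nUSE_AD="0"\n' > "$d/conf.apf"     # constructed sample
    printf '203.0.113.5\n' > "$d/allow_hosts.rules"           # constructed sample
    set_conf_var "$d/conf.apf" DEVEL_MODE 1
    enable_antidos "$d/conf.apf" "$d/allow_hosts.rules" 203.0.113.5 && cat "$d/conf.apf"
    : > "$d/crontab"
    add_cron_line "$d/crontab" "$ANTIDOS_CRON"
    cat "$d/crontab"
    rm -rf "$d"
fi
```

To apply the cron helpers to root's real crontab, dump it first and load it back: `crontab -l > /tmp/root.cron` (this fails with "no crontab for root" if there is none yet, in which case start from an empty file), then `add_cron_line /tmp/root.cron "$ANTIDOS_CRON"` and `crontab /tmp/root.cron`. The rollback is the same with `remove_cron_line`, followed by blanking /etc/apf/ad/ad.rules and `apf -r` as the post describes.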


For more info on the settings, see the doc files at:
http://rfxnetworks.com/apf.php
