
APF (Advanced Policy Firewall) Linux



Posted

Hey guys...

What do you people think to using APF as the security firewall on a dedicated server? I had to uninstall ConfigServer Firewall (CSF) on my Linux CentOS 6 dedicated server because it kept randomly banning my IP for some odd reason. So I uninstalled it, tried to install/download Fail2Ban but failed, it wouldn't download using the "wget" command. So I installed APF instead, seems to be working etc. But I'd like to know is APF as good as CSF and/or Fail2Ban? If not, which do you Linux dedi gurus recommend?

Thanks.

Posted

well first I am not a guru by any definition... :smile:
have not had issue with csf but had heard this happened to some. by any chance were you using the dyndns function of CSF? I did also whitelist my ip in csf and cpanel cphulk.
have not tried APF so would be interested in peoples opinions too.
currently using csf, mod_security (with the csf plugin) and mod_evasive (and suhosin) with no issues but always interested in anything that may be better.

Posted

LOL that ain't right but you knew that :)
did you also add the ip to lfd csf.ignore?
basically add ip in 2 spots. only time I had read about this happening (when added to both) was when there was dyndns issue ( the SECTION:Global Lists/DYNDNS/Blacklists area ) so I stayed away from that.

Posted

that's just odd.
I had cpanel cphulk do it to me once, took me hour to figure out it wasn't csf doing it to me.
since csf and apf are just front ends for iptables and apf does not do it I would suspect lfd section.
as far as I can tell on cpanel servers people prefer csf due to its whm integration but for no panel people seem to have no real preference.
I had been wondering about fail2ban myself though, planned to look into it this week actually.

Posted

it should generate email for root when it bans to tell you why, that may help lead you to the root cause.
I am using the preset strictest settings.
are you using cpanel?
if so I wonder if the strict cookie setting may be driving this.

Posted

CSF is what I recommend. If it bans your IP there will be a log of why, just look at the blocked list etc. It should also be whitelisting the install and configure IP as well; if not you can do this manually, add it to the ignore and white list to be safe.

Posted

Just one important and often overlooked point - after adding your IP to the whitelist you did execute "csf -r" and "service lfd restart" to reload the config right? (Restarting csf does not restart lfd, so any changes you make don't apply to that until you separately restart it).
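
The checks suggested in this thread (IP present in both the allow list and lfd's csf.ignore, lfd log consulted for the ban reason, both services reloaded), as an added example that is not part of any post. The `/etc/csf` and `/var/log/lfd.log` defaults and all function names are assumptions; only plain one-IP-per-line entries are matched, not CIDR ranges or advanced rules.

```shell
#!/bin/sh
# Added example, not from the thread. Default paths are assumptions about a
# stock CSF install; override CSF_DIR / LFD_LOG to point elsewhere.
CSF_DIR="${CSF_DIR:-/etc/csf}"
LFD_LOG="${LFD_LOG:-/var/log/lfd.log}"

# ip_listed FILE IP: succeed if IP is the first field of a line,
# ignoring "#" comments (whole-line or trailing).
ip_listed() {
    [ -r "$1" ] || return 1
    awk -v ip="$2" '
        { sub(/#.*/, ""); if ($1 == ip) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# whitelist_gaps IP: print the list files that do NOT contain IP.
# Empty output means the IP is in both csf.allow and csf.ignore.
whitelist_gaps() {
    gaps=""
    for f in csf.allow csf.ignore; do
        ip_listed "$CSF_DIR/$f" "$1" || gaps="$gaps $f"
    done
    echo "${gaps# }"
}

# ban_reasons IP: last few lfd log lines mentioning exactly this IP.
# -w stops 203.0.113.10 from also matching 203.0.113.100.
ban_reasons() {
    [ -r "$LFD_LOG" ] || return 0
    grep -wF -- "$1" "$LFD_LOG" | tail -n 5
}

report() {
    missing=$(whitelist_gaps "$1")
    if [ -n "$missing" ]; then
        echo "$1 is missing from: $missing"
        echo "after adding it, reload both: csf -r && service lfd restart"
    else
        echo "$1 is listed in csf.allow and csf.ignore"
    fi
    echo "recent lfd log lines for $1:"
    ban_reasons "$1"
}

# Usage: sh check_csf_ip.sh 203.0.113.10   (script name is hypothetical)
if [ $# -gt 0 ]; then report "$1"; fi
```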

Archived

This topic is now archived and is closed to further replies.
