APF on Debian 4.0

m4ri00sh

OK, I had some problems with installing APF so I researched:
I found the information at:
http://www.techyblog.com/content/view/49/27/
and here
http://www.scriptinstallation.in/apf_ipt_state.html

OK here you go (in case the websites crashed):
---------------
.. cd /opt

1. wget http://www.r-fx.ca/downloads/apf-current.tar.gz
2. wget http://www.mnxsolutions.com/scripts/apf.debian.init

3. tar -xzvf apf-current.tar.gz
4. cd apf-0.9.6-1/

5. ./install.sh
You will receive back messages like below.. Notice the cp error.

Installing APF 0.9.6-1: cp: cannot create regular file `/etc/rc.d/init.d/apf': No such file or directory
Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

Other Details:
Listening TCP ports: 21,25,53,465,587
Listening UDP ports: 53,1812,1813,48921
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

6. mv /opt/apf.debian.init /etc/init.d/apf
7. chmod +x /etc/init.d/apf
8. update-rc.d apf defaults
9. Edit /etc/apf/conf.apf to appropriate settings you may include Listening TCP/UDP from above if approp.
10. /etc/init.d/apf start

11. Validate, change /etc/apf/conf.apf DEVEL_MODE="0"
12. restart apf; /etc/init.d/apf restart
---------------------

but I got another error .....
Unable to load iptables module (ipt_multiport 1) so ..... I see you might have problem as well with ipt_state..... you need to...
---------------------
I have recently upgraded the kernel of my Linux server to 2.6.17.6. After this, APF Firewall stopped working. It gives an error message on starting the firewall.

[root@server10 apf]# apf -s
Unable to load iptables module (ipt_state), aborting.
[root@server10 apf]#

The problem is that the module ipt_state no longer exists; the name has changed to xt_state.

On my server, the module is available at "/lib/modules/2.6.17.6/kernel/net/netfilter"

The error can be fixed by editing /etc/apf/internals/functions.apf

# vi /etc/apf/internals/functions.apf

FIND

ml ipt_state 1
ml ipt_multiport 1

REPLACE WITH

ml xt_state
ml xt_multiport
----------------------


OK, Restarted apf and it seems to work, no errors, etc....
If someone sees a problem in that solution please respond....

I forgot about this: (found in different thread of this forum) oops

----
Scroll down to the "Common ingress (inbound) TCP ports" section. At this point you need to find the correct configuration for your control panel.

-----Direct Admin-----
IG_TCP_CPORTS="21,22,25,53,80,110,111,143,443,587,953,2222,3306,32769"
IG_UDP_CPORTS="53,111,631,724,5353,32768,32809"
---
 
Not sure but I found under
/etc/cron.daily/fw script

and it tried to run /etc/rc.d/init.d/apf restart >> /dev/null 2>&1

but it should be:
/etc/init.d/apf restart >> /dev/null 2>&1


(I think :D )
 
Use "xt_multiport" instead of "ipt_multiport 1" and "xt_state" instead of "ipt_state 1". Do this:
Code:
perl -pi -e 's/ipt_state 1/xt_state/' /etc/apf/internals/functions.apf
perl -pi -e 's/ipt_multiport 1/xt_multiport/' /etc/apf/internals/functions.apf
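
The rename fix from the posts above, as an added example that is not from this thread or from the APF project: it checks the kernel's module tree first and rewrites only the `ml` lines whose `ipt_` module is gone and whose `xt_` replacement exists. The function names, the `.bak` backup and the sample module tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not APF's own code. Usage on a real host, as root:
#   sh apf-modfix.sh /etc/apf/internals/functions.apf "/lib/modules/$(uname -r)"

# True if module NAME exists as a loadable file (.ko, .ko.gz, ...) under MODDIR.
module_exists() {
    find "$2" -type f \( -name "$1.ko" -o -name "$1.ko.*" \) 2>/dev/null | grep -q .
}

# Rewrite "ml ipt_X 1" to "ml xt_X" in FILE, but only for modules that this
# kernel tree ships under the xt_ name and no longer under the ipt_ name.
# The first run keeps the original in FILE.bak; a second run changes nothing.
fix_apf_modules() {
    file=$1; moddir=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak" || return 1
    for m in state multiport; do
        module_exists "xt_$m" "$moddir" || continue   # built in or absent: leave alone
        module_exists "ipt_$m" "$moddir" && continue  # old name still loads
        sed -E "s/^([[:space:]]*ml[[:space:]]+)ipt_$m([[:space:]]+1)?[[:space:]]*\$/\1xt_$m/" \
            "$file" > "$file.new" || return 1
        cat "$file.new" > "$file" && rm -f "$file.new"
    done
    return 0
}

# Constructed sample: a fake module tree in which state and multiport carry
# the xt_ names and ipt_REJECT is unchanged, plus three constructed "ml" lines.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/mod/kernel/net/netfilter" "$d/mod/kernel/net/ipv4/netfilter"
    : > "$d/mod/kernel/net/netfilter/xt_state.ko"
    : > "$d/mod/kernel/net/netfilter/xt_multiport.ko"
    : > "$d/mod/kernel/net/ipv4/netfilter/ipt_REJECT.ko"
    printf 'ml ipt_state 1\nml ipt_multiport 1\nml ipt_REJECT\n' > "$d/functions.apf"
    fix_apf_modules "$d/functions.apf" "$d/mod" && cat "$d/functions.apf"
    rm -rf "$d"
}

# With two arguments, patch the given file; otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then fix_apf_modules "$1" "$2"; else demo; fi
```

Because the check runs against the module tree, the script leaves `functions.apf` untouched on kernels that still ship the `ipt_` names, so it is safe to re-run after a kernel change.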
 
problem ???

I get this error on running install :
venus:/opt/apf-0.9.6-2# /etc/init.d/apf start
Starting APF:Development mode enabled!; firewall will flush every 5 minutes.
Can't open /etc/apf/internals/.apf.restore: No such file or directory

Why this error ??? I have found no documentation on google about this error ...

tdldp
 


Can't find anything about it ...
 