
How to Allow Ports in APF on Dedicated Server

Written by Santosh Prasad

Advanced Policy Firewall (APF) blocks most ports by default, except those a web server needs to operate, such as 80, 443 and 22. If you want to open ports for software other than normal web software, you will need to edit the APF configuration file located at /etc/apf/conf.apf.

In this article I will show how you can open ports in APF on your dedicated server.

Enable Access to a Port from Everywhere

In the steps below I will go over how to open port 2022 on your dedicated server.

1. First of all, log into your dedicated server via SSH as the root user.

2. Now open the following file with your favourite editor, such as nano or vim.

# vim /etc/apf/conf.apf

3. Next, search for the term ingress and you should find the Common inbound TCP Ports setting (near line 369).

IG_TCP_CPORTS="22"

4. After finding the Common inbound TCP Ports setting shown above, add the port you wish to open (in my case port number 2022) to the comma-separated list, as shown below.

IG_TCP_CPORTS="22,2022"

5. Save and close the file. In vim, press the Escape key, then type :wq and press Enter.

6. Apply the new APF settings by running the command below.

# apf -r

You will see some output like the following:

apf(6142): {glob} flushing & zeroing chain policies
apf(6142): {glob} firewall offline
apf(6178): {glob} activating firewall
apf(6218): {glob} determined (IFACE_IN) venet0 has address 127.0.0.1
apf(6218): {glob} determined (IFACE_OUT) venet0 has address 127.0.0.1
apf(6218): {glob} loading preroute.rules
apf(6218): {resnet} downloading http://cdn.rfxn.com/downloads/reserved.networks
apf(6218): {resnet} download of http://cdn.rfxn.com/downloads/reserved.networks failed
apf(6218): {glob} loading reserved.networks
apf(6218): {glob} loading bt.rules
apf(6218): {glob} loading common drop ports
apf(6218): {blk_ports} deny all to/from tcp port 135:139
apf(6218): {blk_ports} deny all to/from udp port 135:139
........
........
apf(6218): {glob} opening inbound tcp port 2022 on 0/0
apf(6218): {glob} opening inbound tcp port 50000:51000 on 0/0
apf(6218): {glob} opening inbound icmp type 3 on 0/0
......
.....

7. In the output above you can see that inbound TCP port 2022 is now open on 0/0, which means it is globally accessible.
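Steps 3 to 5 can also be done non-interactively. The function below is an added example, not part of the original article or of APF itself: it validates the port number, keeps a backup copy of the configuration, and appends the port to IG_TCP_CPORTS only if it is not already listed. The function name add_ig_tcp_port and the .bak backup suffix are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the article): add one TCP port to IG_TCP_CPORTS.
# Usage: add_ig_tcp_port /etc/apf/conf.apf 2022
add_ig_tcp_port() {
    conf=$1
    port=$2

    # Accept only a plain decimal port: no leading zero, at most five digits.
    case $port in
        ''|0*|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi

    # The setting must exist in the form the article shows: IG_TCP_CPORTS="..."
    if ! grep -q '^IG_TCP_CPORTS="[^"]*"' "$conf"; then
        echo "IG_TCP_CPORTS not found in $conf" >&2; return 1
    fi
    current=$(sed -n 's/^IG_TCP_CPORTS="\([^"]*\)".*/\1/p' "$conf")

    # Idempotent: do nothing if the port is already an entry in the list.
    case ",$current," in
        *",$port,"*) return 0 ;;
    esac

    # Keep a copy of the known-good file so the change can be reverted.
    cp -p "$conf" "$conf.bak" || return 1

    # Append inside the quotes; only the validated digits reach the sed script.
    if [ -n "$current" ]; then sep=,; else sep=; fi
    sed "s/^\(IG_TCP_CPORTS=\"[^\"]*\)\"/\1$sep$port\"/" "$conf.bak" > "$conf"
}
```

After the function returns successfully, run apf -r as in step 6 and confirm the "opening inbound tcp port" line for the port appears in the output.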

Congratulations! You have allowed a port in APF on your dedicated server.
