APF(Advanced Policy Firewall) is a modular iptables-based firewall designed for ease of use and configurability.
APF requires that you have Red Hat 7.2 or better
Both quick-start and custom rules configurations are supported.
APF has built in support for DShield.org’s “block” list of networks that have exhibited suspicious activity and that you might consider blocking.
Installation is via rpm -Uvh of the rpm download.
APF general configuration settings are kept in /etc/apf/conf.apf . You will need to specify the ports that you need open across all IP’s on the system being protected to the outside world in the TCP_CPORTS and UDP_CPORTS lines in this file. APF has built in support for common web hosting ports; these would be 21, 25, 80, 110, and 443
For example, on Ensim this would be 22, 19638 on TCP. For Plesk, it would be 22,8443. You would also need 53 for DNS, and other ports as needed.
# Common TCP Ports
TCP_CPORTS=”21,22,25,53,80,110,143, 443, 19638″
# Common UDP Ports
Please review the /usr/share/doc/apf-0.8.4/README file for further details.