Install APF
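* Download latest version (this link is plain HTTP, so the archive is not integrity-protected in transit; check it against a checksum or signature obtained over a trusted channel, if one is available, before running its installer as root)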
$ wget http://www.r-fx.ca/downloads/apf-current.tar.gz
* Unpack
$ tar -zxf apf-current.tar.gz
* Change to the unpacked directory (default: apf-0.9.6-1/)
$ cd apf-0.9.6-1
* Patch the install.sh script
$ sed 's/\/etc\/rc.d\/init.d/\/etc\/init.d/g' install.sh > tmpinst && mv tmpinst install.sh && chmod +x install.sh
* Patch the functions.apf script
$ sed 's/ml ipt_state 1/ml xt_state/g' files/internals/functions.apf > tmpfunc && mv tmpfunc files/internals/functions.apf
* Patch cron script ‘cron.daily’
$ sed 's/\/etc\/rc.d\/init.d/\/etc\/init.d/g' cron.daily > tmpcron && mv tmpcron cron.daily
* Create symbolic link for iptables
$ ln -s /usr/sbin/iptables /sbin/iptables
* Run install.sh
$ ./install.sh
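* Edit APF configuration (while DEVEL_MODE is "1" in conf.apf, a cron job flushes the firewall every five minutes; set it to "0" once the rules are confirmed to work)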
$ nano -w /etc/apf/conf.apf
* Replace APF's /etc/init.d/apf script with:
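#!/bin/sh
#
# APF SuSE init.d script
# The init script supplied with APF doesn't work on SuSE; this one replaces it.
#
### BEGIN INIT INFO
# Provides: apf
# Required-Start: $network
# Should-Start:
# Required-Stop:
# Should-Stop:
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: apf provides simple firewall
# Description: Starts APF firewall to provide
#   simple firewall services.
### END INIT INFO
#
# Usage: /etc/init.d/apf {start|stop|restart}
#
# NOTE: "stop" does not leave a restrictive rule set behind. It flushes every
# loaded table and sets the filter table's built-in policies to ACCEPT, so the
# host is unfiltered until "start" runs again. Only /sbin/iptables is driven
# here; this script does not touch ip6tables rules.
#
ipt="/sbin/iptables"

# SuSE rc helpers (rc_reset, rc_status, rc_exit).
. /etc/rc.status
rc_reset

case "$1" in
  start)
    /usr/local/sbin/apf --start
    # Record apf's exit status instead of always reporting success, so a
    # firewall that failed to load is visible to the init system.
    rc_status -v
    ;;
  stop)
    # One table name per line; the file is absent when ip_tables is not
    # loaded, in which case the loops below simply do nothing.
    tables=$(cat /proc/net/ip_tables_names 2>/dev/null)
    # $tables is left unquoted on purpose: it is split into table names.
    for table in $tables; do "$ipt" -t "$table" -F; done
    for table in $tables; do "$ipt" -t "$table" -X; done
    # With no -t these apply to the filter table's built-in chains.
    "$ipt" -P INPUT ACCEPT
    "$ipt" -P OUTPUT ACCEPT
    "$ipt" -P FORWARD ACCEPT
    # Reflects the last policy command only.
    rc_status -v
    ;;
  restart)
    "$0" stop
    "$0" start
    # Carry the status of the nested "start" through to rc_exit.
    rc_status
    ;;
  *)
    echo "usage: $0 [start|stop|restart]"
    # An unknown action is an error, not a successful run.
    exit 1
    ;;
esac
rc_exit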
* Start APF
$ /etc/apf/apf --start