Hello, friends. In this post, you will learn how to install APF on Rocky Linux 9 / Alma Linux 9.
According to the project website:
APF is an iptables(netfilter) based firewall system designed around
The essential needs of today’s Internet deployed servers and the unique
needs of custom deployed Linux installations.
One of the main features of APF is that it is easy to configure. This is important so that we can use it without hassle.
Some features of APF are:
- Detailed and well commented configuration file
- Granular inbound and outbound network filtering
- User ID based outbound network filtering
- Application-based network filtering
So let’s go for it. Let’s install APF and apply some initial settings.
Install APF on Rocky Linux 9 / Alma Linux 9
APF is not included in the official repositories of Rocky Linux 9, but this does not prevent us from installing it without any problems.
First, open a terminal and update the whole system:
sudo dnf update
Then, you can download it
Thereafter, unzip it
tar -zxf apf-current.tar.gz
This creates a folder with the name and version of APF. Access it.
There you will find a file called
install.sh which is an installation script to ease the whole process.
Run it with root permissions to start the installation process:
If all goes well, you will see a screen output like the following
As you can see, the process is simple. There you will also see the APF configuration and administration paths.
Configuring APF on Rocky Linux 9 / Alma Linux 9
The paths that APF handles are simple. In the case of the configuration, the path indicated is
/etc/apf/conf.apf this file can be backed up before editing it.
sudo cp /etc/apf/conf.apf /etc/apf/conf.apf.bak
Now, with more freedom, you can edit it
sudo vi /etc/apf/conf.apf
The first thing you have to do is to set the network interface where the rules will be applied
Below, you will find the
IG_UDP_CPORTS directives, which is where you define the ports where both TCP and UDP connections will be received.
Of course, define as many as you want and need.
Further ahead, find the outgoing ports enabled in both TCP and UDP
Actually, the file is very well documented. When you are ready, save the changes and close the editor.
Restart the APF runtime
sudo apf -r
If everything is OK and you are satisfied, then you can use APF in production mode. Re-edit the configuration file.
sudo vi /etc/apf/conf.apf
And at the top of the file you will see the
DEVEL_MODE parameter which will have value
1 so change it to
Save the changes, close the editor and restart APF, and now you are ready for battle.
Finally, you can also make it start with the system
sudo chkconfig -level 2345 apf on
APF is an important firewall that is easy to configure and manage on Rocky Linux 9 / Alma Linux 9, so now it’s your turn to use it on your systems.