Install and Configure APF Firewall on an Ubuntu Server

In a previous post, we learned how to install a basic LAMP server setup on an Ubuntu Server. Once you have Apache, MySQL, and PHP up and running, you should strongly consider reconfiguring your firewall to accommodate them, while still keeping your server secure. While you could labor at iptables configuration manually, there are easier and more coherent options, such as APF (Advanced Policy Firewall), which is built on iptables and makes setting up firewall rules much easier.

APF is available in Ubuntu's online package repository. To install it, run apt-get:

$ sudo apt-get install apf-firewall

APF will not be started until you confirm that the settings are correct and then enable it. Begin by editing the firewall configuration file located in /etc/apf-firewall/conf.apf. Two key lines you might want to edit include the common inbound TCP ports (IG_TCP_CPORTS) and common outbound TCP ports (EG_TCP_CPORTS), adding any ports for services you need to run and have open. For example, if your web-based control panel will use port 4382, you will need to list it here.

You can test the firewall at this point. When you are ready for it to go live, you need to turn off development mode:


Next, save the configuration file, then edit /etc/default/apf-firewall and enable APF with:


Finally, you can start APF by running:

$ sudo service apf-firewall start
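
A pre-flight check for the settings edited in the steps above, added here as an example; it is not part of the original post or of APF itself. It assumes the stock variable names DEVEL_MODE (in conf.apf) and RUN (in /etc/default/apf-firewall), which the page does not show, and APF's underscore syntax for port ranges; the sample files are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for the APF settings this walkthrough edits.
# Assumption: DEVEL_MODE and RUN are the stock variable names (not on the page).

# conf_get FILE KEY: print the value of the last active KEY="value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# port_listed LIST PORT: succeed if PORT is in a comma-separated APF port
# list. APF writes ranges with an underscore, for example 6000_7000.
port_listed() {
    for entry in $(printf '%s' "$1" | tr ',' ' '); do
        case $entry in
            *_*) [ "$2" -ge "${entry%_*}" ] && [ "$2" -le "${entry#*_}" ] && return 0 ;;
            *)   [ "$entry" = "$2" ] && return 0 ;;
        esac
    done
    return 1
}

# apf_preflight CONF DEFAULTS PORT...: print one line per problem and
# return the number of problems found (0 means ready to start).
apf_preflight() {
    conf=$1; defaults=$2; shift 2; problems=0
    ports=$(conf_get "$conf" IG_TCP_CPORTS)
    for p in "$@"; do
        port_listed "$ports" "$p" && continue
        echo "port $p is not in IG_TCP_CPORTS"; problems=$((problems + 1))
    done
    if [ "$(conf_get "$conf" DEVEL_MODE)" != "0" ]; then
        echo "DEVEL_MODE is not 0: development mode is still on"; problems=$((problems + 1))
    fi
    if [ "$(conf_get "$defaults" RUN)" != "yes" ]; then
        echo "RUN is not \"yes\" in the defaults file"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files standing in for /etc/apf-firewall/conf.apf and
# /etc/default/apf-firewall, so the check runs without root or APF installed.
sample=$(mktemp -d)
printf '%s\n' 'DEVEL_MODE="1"' 'IG_TCP_CPORTS="22,80,443,6000_7000"' \
    'EG_TCP_CPORTS="21,25,80,443"' > "$sample/conf.apf"
printf '%s\n' 'RUN="no"' > "$sample/apf-firewall"
apf_preflight "$sample/conf.apf" "$sample/apf-firewall" 80 4382 || echo "problems: $?"
```

Called with the real paths from the steps above and the ports your services need, a return value of 0 means the inbound ports are listed, development mode is off, and the service is enabled.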