Q. I've CentOS Linux server configured with APF firewall. How do I open port 22 from specific IP address only? I've fix static ADSL IP address assgined and I'd like to open port 22 from my IP 202.5.1.3 only using APF firewall script. How do I configure firewall?
A. You need to edit two files:
a) /etc/apf/conf.apf - Main configuration file
b) /etc/apf/allow_hosts.rules - File to allow host wise configuration. You can set trust based rulesto grant access all or specific IP and port via the firewall.
APF Configuration
Open file /etc/apf/conf.apf, enter:
# vi /etc/apf/conf.apf
Find line that read as follows:
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,3306"
ake sure you remove 22 from the list, so that it read as follows:
IG_TCP_CPORTS="20,21,25,53,80,110,143,443,3306"
Save and close the file. Now, open /etc/apf/allow_hosts.rules
# vi /etc/apf/allow_hosts.rules
Allow incomming SSH (TCP port # 22) traffic from your own ADSL connection only 202.5.1.3, append following text.
tcp:in:d=22:s=202.5.1.3
Save and close the file. Restart APF firewall:
# /etc/init.d/apf restart
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- My 10 UNIX Command Line Mistakes
- Linux: 20 Iptables Examples For New SysAdmins

- 25 PHP Security Best Practices For Sys Admins
- The Novice Guide To Buying A Linux Laptop
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
Facebook it - Tweet it - Print it -


{ 2 comments… read them below or add one }
thanks for the ip adress will hack it soon
Yeah :D Also you could start scanning ’0.0.0.0 – 255.255.255.255′ ;D