APF (Advanced Policy Firewall) Kurulumu

[cakamen]

Quote:

Originally Posted by Gurbetseli

simdi bende senin gibi dusundum.. ve söyle bir cözüm ürettim... öncelikle eklenecek olan portlarin arasinda mecburi acilmasi gereken portlarin oldugu satira radyomun portlarini actim.. mesela 22,21,80,8443,8880 gibi portlarin sonuna kendi radyo portlarimi ekledim suan 1 portum haric digerleri normal calisiyor.. calismayanda bos olmadigi icindir...

Saol Gurbetseli,
Bende mesaji yazdiktan sonra denedim ve radyolar calisti
Senin mesajin icinde ayrica tesekkürler.
Belki yararlanan arkadaslar olur..

[Blade]

Quote:

Originally Posted by Gurbetseli

arkadaslar bende söyle birsey cikti kurulumda.. ./install.sh yaptigimda

HTML clipboardInstalling APF 9.7-1: eth0: error fetching interface information: Device not found Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf

Other Details:
Listening TCP ports: 21,22,25,53,79,80,106,110,139,143,443,445,465,587, 993,995,8443,8880
Listening UDP ports: 53,137,138,40255
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.


Bu sekilde bisey cikti.. kirmizi ile yazili olan yerde error yaziyor acaba kurulum basarisizmi oldu acaba.. error neden verdi ve napabilirim..

centos 5 ve plesk 9 kurulu

bu hata bendede oldu nasil cözebilirim acaba

Centos 5.2
cpanel

kullaniyorum

[Gurbetseli]

sanirim önemli bir hata olmadigi icin kimse bisey yazmamais...

[xlygan]

cd apf-0.9.5-1/ bu komuttan sonra no directory bir seyler diyor ?

[servertr]

/usr/local/src diye komut girdiğimde aşağıdaki hatayı alıyorum


/usr/local/src
-bash: /usr/local/src: is a directory

[Gurbetseli]

Quote:

Originally Posted by servertr

/usr/local/src diye komut girdiğimde aşağıdaki hatayı alıyorum


/usr/local/src
-bash: /usr/local/src: is a directory

Sevgili arkadasim ssh de /usr/local/src böyle bir komut yazdiginda hata vermesi normaldir..

birde söyle dene isdersen

Quote:

cd /usr/local/src

sorunun cözülecektir..

[servertr]

Uygulamanın Bulunduğu Dizine girince şöyle hata veriyor

Komut cd apf-0.9.5-1/


root@server [/usr/local/src]# cd apf-0.9.5-1/
-bash: cd: apf-0.9.5-1/: No such file or directory
root@server [/usr/local/src]#

ne yapabiliriz



Tamam Sorunu Buldum

cd apf-0.9.5-1/ yerine cd apf-9.7-1/ yazıcaz böyle yapınca kuruluyor

[servertr]

• Ayar dosyamizi aciyoruz:

pico /etc/apf/conf.apf

• Dosya icinde asagidaki degisiklikleri yapiyoruz:

USE_DS="0"

ve 3 satir altindaki

USE_AD="0"

kisimlarini bulup

USE_DS="1"

USE_AD="1"

olarak degistiriyoruz


Yukaraıda yazanların hiç birini Ctrl w İle bulamaıyorum

örneğin USE_DS="0" aramak istiyorum ama bulmuyor

[volera]

Calvin arkadaşım /etc/apf/ad/conf.antidos şu komuta bir hata var böyle bir dosya klasör yok apf son sürümünü kurdum antidos ayarını nasıl yapabilirim?

[KLAMP]

pico /etc/apf/conf.apf

içeriği Açağıdaki Çıktıda Mevcut

bunların hiç birini bulmuyor ne yapmalıyım ?

USE_DS="0"


USE_AD="0"



USE_DS="1"

USE_AD="1"

PHP Code:

#!/bin/bash
#
# APF 9.7 [apf@r-fx.org]
###
# Copyright (C) 1999-2007, R-fx Networks <proj@r-fx.org>
# Copyright (C) 2007, Ryan MacDonald <ryan@r-fx.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
###
#
VER="9.7"
CNF="/etc/apf/conf.apf"
head() {
echo "APF version $VER <apf@r-fx.org>"
echo "Copyright (C) 1999-2007, R-fx Networks <proj@r-fx.org>"
echo "Copyright (C) 2007, Ryan MacDonald <ryan@r-fx.org>"
echo "This program may be freely redistributed under the terms of the GNU GPL"
echo ""
}
if [ -f "$CNF" ] && [ ! "$CNF" == "" ]; then
source $CNF
else
head
echo "\$CNF not found, aborting."
exit 1
fi
if [ ! -f $LOG_APF ]; then
touch $LOG_APF
chmod 600 $LOG_APF
eout "{glob} status log not found, created"
fi
start() {
##
# Fast Load
##
if [ "$SET_FASTLOAD" == "1" ]; then
# is this our first startup?
# if so we certainly do not want fast load
if [ ! -f "$INSTALL_PATH/internals/.last.full" ]; then
SKIP_FASTLOAD_FIRSTRUN=1
fi
# Is our last full load more than 12h ago?
# if so we are going to full load
if [ -f "$INSTALL_PATH/internals/.last.full" ]; then
LAST_FULL=`cat $INSTALL_PATH/internals/.last.full`
CURRENT_LOAD=`date +"%s"`
LOAD_DIFF=$[CURRENT_LOAD-LAST_FULL]
if [ ! "$LOAD_DIFF" -lt "43200" ]; then
SKIP_FASTLOAD_EXPIRED=1
fi
fi
# has our configuration changed since full load?
# if so full we go
MD5_FILES="$ADR $INSTALL_PATH/*.rules $INSTALL_PATH/internals/*.networks $INSTALL_PATH/vnet/*.rules"
if [ ! -f "$INSTALL_PATH/internals/.md5.cores" ]; then
SKIP_FASTLOAD_VARS=1
MD5_FIRSTRUN=1
else
EMPTY_MD5=`cat $INSTALL_PATH/internals/.md5.cores`
if [ "$EMPTY_MD5" == "" ]; then
$MD5 $MD5_FILES > $INSTALL_PATH/internals/.md5.cores 2> /dev/null
fi
$MD5 $MD5_FILES > $INSTALL_PATH/internals/.md5.cores.new 2> /dev/null 
VARS_DIFF=`$DIFF $INSTALL_PATH/internals/.md5.cores.new $INSTALL_PATH/internals/.md5.cores`
if [ ! "$VARS_DIFF" == "" ]; then
$MD5 $MD5_FILES > $INSTALL_PATH/internals/.md5.cores 2> /dev/null
SKIP_FASTLOAD_VARS=1
fi
fi
if [ "$DEVEL_ON" == "1" ]; then
SKIP_FASTLOAD_VARS=1
fi
if [ ! -f "$INSTALL_PATH/internals/.md5.cores.new" ] && [ -f "$INSTALL_PATH/internals/.md5.cores" ]; then
cp $INSTALL_PATH/internals/.md5.cores $INSTALL_PATH/internals/.md5.cores.new
fi
if [ ! -f "$INSTALL_PATH/internals/.last.vars" ]; then
$INSTALL_PATH/apf -o > $INSTALL_PATH/internals/.last.vars
SKIP_FASTLOAD_VARS=1
else
$INSTALL_PATH/apf -o > $INSTALL_PATH/internals/.last.vars.new
VARS_DIFF=`$DIFF $INSTALL_PATH/internals/.last.vars.new $INSTALL_PATH/internals/.last.vars`
if [ ! "$VARS_DIFF" == "" ]; then
$INSTALL_PATH/apf -o > $INSTALL_PATH/internals/.last.vars
SKIP_FASTLOAD_VARS=1
fi
fi
# check uptiime is greater than 5 minutes (300s)
UPSEC=`cat /proc/uptime | tr '.' ' ' | awk '{print$1}'`
if [ "$UPSEC" -lt "300" ]; then
SET_FASTLOAD_UPSEC=1
fi
# check if we are flagged to skip fast load, otherwise off we go
if [ "$SKIP_FASTLOAD_FIRSTRUN" == "" ] && [ "$SKIP_FASTLOAD_EXPIRED" == "" ] && [ "$SKIP_FASTLOAD_VARS" == "" ] && [ "$SET_FASTLOAD_UPSEC" == "" ]; then
devm
eout "{glob} activating firewall, fast load"
$IPTR $INSTALL_PATH/internals/.apf.restore
eout "{glob} firewall initalized"
if [ "$SET_VERBOSE" == "1" ] && [ "$DEVEL_ON" == "1" ]; then
eout "{glob} !!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes."
fi
exit 0
elif [ "$SKIP_FASTLOAD_FIRSTRUN" == "1" ]; then 
eout "{glob} first run? fast load skipped [internals/.last.full not present]"
elif [ "$SKIP_FASTLOAD_EXPIRED" == "1" ]; then
eout "{glob} fast load snapshot more than 1h old, going full load"
elif [ "$SKIP_FASTLOAD_VARS" == "1" ]; then
eout "{glob} config. or .rule file has changed since last full load, going full load"
elif [ "$SET_FASTLOAD_UPSEC" == "1" ]; then
eout "{glob} uptime less than 5 minutes, going full load"
fi
fi
##
# Full Load
##
eout "{glob} activating firewall"
# record our last full load
date +"%s" > $INSTALL_PATH/internals/.last.full
if [ ! -f "$DS_HOSTS" ]; then
touch $DS_HOSTS
chmod 600 $DS_HOSTS
fi
if [ ! -f "$DENY_HOSTS" ]; then
touch $DENY_HOSTS
chmod 600 $DENY_HOSTS
fi
if [ ! -f "$ALLOW_HOSTS" ]; then
touch $ALLOW_HOSTS
chmod 600 $ALLOW_HOSTS
fi
# check devel mode
devm
# generate vnet rules
$INSTALL_PATH/vnet/vnetgen
# start main firewall script
$INSTALL_PATH/firewall
# check for/load bandmin
LOAD=`cat /proc/loadavg | tr '.' ' ' | awk '{print$1}'`
if [ ! "$LOAD" -gt "10" ]; then
bandmin
fi
eout "{glob} firewall initalized"
if [ "$MD5_FIRSTRUN" == "1" ]; then
$MD5 $MD5_FILES > $INSTALL_PATH/internals/.md5.cores 2> /dev/null
fi
firewall_on=`iptables -L --numeric | grep -vE "Chain|destination"`
if [ ! "$DEVEL_ON" == "1" ] && [ ! "$firewall_on" == "" ]; then
$IPTS > $INSTALL_PATH/internals/.apf.restore
eout "{glob} fast load snapshot saved"
fi
if [ "$SET_VERBOSE" == "1" ] && [ "$DEVEL_ON" == "1" ]; then
eout "{glob} !!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes."
fi
}
case "$1" in
-s|--start)
start
;;
-f|--flush|--stop)
flush
;;
-l|--list)
list
;;
-t|-st|--status)
status
;;
-r|--restart)
$0 --flush
$0 --start
;;
-a|--allow)
cli_trust_allow $2 $3 $4 $5 $6 $7 $8 $9
;;
-d|--deny)
cli_trust_deny $2 $3 $4 $5 $6 $7 $8 $9
;;
-u|--remove|--unban)
cli_trust_remove $2 >> /dev/null 2>&1
eout "{trust} removed $2 from trust system"
if [ ! "$SET_VERBOSE" == "1" ]; then
echo "Removed $2 from trust system."
fi
;;
-e|--refresh)
refresh
;;
-o|--ovars)
head
ovars
;;
*)
head
help
esac
exit 0