Friday, August 21, 2009

Installing APF

In the post at the very bottom there are tips on how to DDoS an IP; while idly searching Google I found a good tool for mitigating DDoS, or at least cutting down the incoming packets a bit. hehehe
Then I tried it on my server.
[root@newbie ~]# curl -o apf-current.tar.gz http://www.rfxnetworks.com/downloads/apf-current.tar.gz
[root@newbie ~]# tar -zxf apf-current.tar.gz
[root@newbie ~]# ls -al
drwxr-x--- 3 root root 4096 Jun 10 20:47 apf-0.9.6-2
-rw-r--r-- 1 root root 99717 Jun 10 20:47 apf-current.tar.gz

Note that the tarball was fetched over plain HTTP and nothing above verifies a checksum or signature; compare what you downloaded against a trusted copy before running install.sh as root. Now go into the directory,

[root@newbie ~]# cd apf-0.9.6-2
[root@newbie apf-0.9.6-2]# ./install.sh
Installing APF 0.9.6-2: Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

Other Details:
Listening TCP ports: 21,25,53,106,110,111,143,465,744,993,995,1234,2020,3306,5050,8443,8880,12241,26008,39391,43210,50550
Listening UDP ports: 53,111,631,738,741,5353,32768,32771
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

The following command shows the available options; you can also just type "apf".

[root@rhe apf-0.9.6-2]# /usr/local/sbin/apf
apf(26961): {glob} status log not found, created
APF version 0.9.6
Copyright (C) 1999-2007, R-fx Networks
Copyright (C) 2007, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL

usage /usr/local/sbin/apf [OPTION]
-s|--start ....................... load all firewall rules
-r|--restart ..................... stop (flush) & reload firewall rules
-f|--stop ........................ stop (flush) all firewall rules
-l|--list ........................ list all firewall rules
-t|--status ...................... output firewall status log
-a HOST CMT|--allow HOST COMMENT . add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|--deny HOST COMMENT .. add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall
-u|--unban HOST .................. remove host from [glob]*_hosts.rules
and immediately remove rule from firewall
-o|--ovars ....................... output all configuration options

To start it, the option is -s, i.e. "apf -s":

[root@newbie apf-0.9.6-2]# /usr/local/sbin/apf -s
apf(26982): {glob} activating firewall
apf(27026): {glob} determined (IFACE_IN) eth0 has address XX.XX.XX.XX
apf(27026): {glob} determined (IFACE_OUT) eth0 has address XX.XX.XX.XX
apf(27026): {glob} loading preroute.rules
apf(27026): {resnet} downloading http://r-fx.ca/downloads/reserved.networks
apf(27026): {resnet} parsing reserved.networks into /etc/apf/internals/reserved.networks
apf(27026): {glob} loading reserved.networks
apf(27026): {glob} loading bt.rules
apf(27026): {dshield} downloading http://feeds.dshield.org/top10-2.txt
apf(27026): {dshield} parsing top10-2.txt into /etc/apf/ds_hosts.rules
apf(27026): {dshield} loading ds_hosts.rules
apf(27026): {sdrop} downloading http://www.spamhaus.org/drop/drop.lasso
apf(27026): {sdrop} parsing drop.lasso into /etc/apf/sdrop_hosts.rules
apf(27026): {sdrop} loading sdrop_hosts.rules
apf(27026): {glob} loading common drop ports
apf(27026): {blk_ports} deny all to/from tcp port 135:139
apf(27026): {blk_ports} deny all to/from udp port 135:139
apf(27026): {blk_ports} deny all to/from tcp port 111
apf(27026): {blk_ports} deny all to/from udp port 111
apf(27026): {blk_ports} deny all to/from tcp port 513
apf(27026): {blk_ports} deny all to/from udp port 513
apf(27026): {blk_ports} deny all to/from tcp port 520
apf(27026): {blk_ports} deny all to/from udp port 520
apf(27026): {blk_ports} deny all to/from tcp port 445
apf(27026): {blk_ports} deny all to/from udp port 445
apf(27026): {blk_ports} deny all to/from tcp port 1433
apf(27026): {blk_ports} deny all to/from udp port 1433
apf(27026): {blk_ports} deny all to/from tcp port 1434
apf(27026): {blk_ports} deny all to/from udp port 1434
apf(27026): {blk_ports} deny all to/from tcp port 1234
apf(27026): {blk_ports} deny all to/from udp port 1234
apf(27026): {blk_ports} deny all to/from tcp port 1524
apf(27026): {blk_ports} deny all to/from udp port 1524
apf(27026): {blk_ports} deny all to/from tcp port 3127
apf(27026): {blk_ports} deny all to/from udp port 3127
apf(27026): {pkt_sanity} set active PKT_SANITY
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ALL NONE
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs SYN,FIN SYN,FIN
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs SYN,RST SYN,RST
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs FIN,RST FIN,RST
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ACK,FIN FIN
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ACK,URG URG
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ACK,PSH PSH
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN,URG,PSH
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ALL SYN,RST,ACK,FIN,URG
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ALL ALL
apf(27026): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN
apf(27026): {pkt_sanity} deny outbound tcp-flag pairs ALL NONE
apf(27026): {pkt_sanity} deny outbound tcp-flag pairs SYN,FIN SYN,FIN
apf(27026): {pkt_sanity} deny outbound tcp-flag pairs SYN,RST SYN,RST
apf(27026): {pkt_sanity} deny outbound tcp-flag pairs FIN,RST FIN,RST
apf(27026): {pkt_sanity} deny outbound tcp-flag pairs ACK,FIN FIN
apf(27026): {pkt_sanity} deny outbound tcp-flag pairs ACK,PSH PSH
apf(27026): {pkt_sanity} deny outbound tcp-flag pairs ACK,URG URG
apf(27026): {pkt_sanity} deny all to/from 255.255.255.255
apf(27026): {pkt_sanity} deny all to/from 0.0.0.255/0.0.0.255
apf(27026): {pkt_sanity} deny all fragmented udp
apf(27026): {pkt_sanity} deny inbound tcp port 0
apf(27026): {pkt_sanity} deny outbound tcp port 0
apf(27026): {blk_p2p} set active BLK_P2P
apf(27026): {blk_p2p} deny all to/from tcp port 1214
apf(27026): {blk_p2p} deny all to/from udp port 1214
apf(27026): {blk_p2p} deny all to/from tcp port 2323
apf(27026): {blk_p2p} deny all to/from udp port 2323
apf(27026): {blk_p2p} deny all to/from tcp port 4660:4678
apf(27026): {blk_p2p} deny all to/from udp port 4660:4678
apf(27026): {blk_p2p} deny all to/from tcp port 6257
apf(27026): {blk_p2p} deny all to/from udp port 6257
apf(27026): {blk_p2p} deny all to/from tcp port 6699
apf(27026): {blk_p2p} deny all to/from udp port 6699
apf(27026): {blk_p2p} deny all to/from tcp port 6346
apf(27026): {blk_p2p} deny all to/from udp port 6346
apf(27026): {blk_p2p} deny all to/from tcp port 6347
apf(27026): {blk_p2p} deny all to/from udp port 6347
apf(27026): {blk_p2p} deny all to/from tcp port 6881:6889
apf(27026): {blk_p2p} deny all to/from udp port 6881:6889
apf(27026): {blk_p2p} deny all to/from tcp port 6346
apf(27026): {blk_p2p} deny all to/from udp port 6346
apf(27026): {blk_p2p} deny all to/from tcp port 7778
apf(27026): {blk_p2p} deny all to/from udp port 7778
apf(27026): {glob} loading log.rules
apf(27026): {glob} virtual net subsystem disabled.
apf(27026): {glob} loading main.rules
apf(27026): {glob} opening inbound tcp port 22 on 0/0
apf(27026): {glob} opening inbound icmp type 3 on 0/0
apf(27026): {glob} opening inbound icmp type 5 on 0/0
apf(27026): {glob} opening inbound icmp type 11 on 0/0
apf(27026): {glob} opening inbound icmp type 0 on 0/0
apf(27026): {glob} opening inbound icmp type 30 on 0/0
apf(27026): {glob} opening inbound icmp type 8 on 0/0
apf(27026): {glob} resolv dns discovery for 216.187.125.130
apf(27026): {glob} resolv dns discovery for 216.187.125.131
apf(27026): {glob} loading postroute.rules
apf(27026): {glob} default (egress) output accept
apf(27026): {glob} default (ingress) input drop
apf(26982): {glob} firewall initalized
apf(26982): {glob} !!DEVELOPMENT MODE ENABLED!! - firewall will flush every 5 minutes.

Two things to fix before leaving the box like this. First, the last line of the start output says the firewall is in development mode and will flush itself every 5 minutes; that is APF's shipped default (DEVEL_MODE="1" in /etc/apf/conf.apf) so a bad rule cannot lock you out. Once you have confirmed that a fresh ssh session still works, set DEVEL_MODE="0" and run "apf -r", otherwise the firewall quietly disappears every five minutes. Second, main.rules above only opened inbound tcp port 22; the listening ports the installer listed are informational only, so every service you actually want reachable (smtp, dns, imap, mysql, ...) must be added to IG_TCP_CPORTS and IG_UDP_CPORTS in conf.apf, and the rest stays closed.

Then add "*/8 * * * * root /etc/apf/ad/antidos -a >> /dev/null 2>&1" to the crontab. That is the six-field form with a user column, so it belongs in /etc/crontab or a file under /etc/cron.d, not in "crontab -e", which has no user field.
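As an added example (not code from the original post or from APF itself), the shell helpers below do the two conf.apf edits safely and check them before the rules are reloaded: a KEY="VALUE" line is replaced in place or appended if missing, and a check refuses a config that still has DEVEL_MODE on or that would close tcp/22 and lock out sshd. The variable names DEVEL_MODE, IG_TCP_CPORTS and IG_UDP_CPORTS are APF's own; the sample file written by demo() is a constructed stand-in for /etc/apf/conf.apf containing only those three lines, and the path used is a temp file, not the real config.

```shell
#!/bin/sh
# Added example: rewrite KEY="VALUE" settings in an APF conf.apf-style file
# and sanity-check the result before running "apf -r".

# Print the value of KEY from a conf.apf-style file (empty if unset).
apf_get() {
    # $1 = file, $2 = key
    sed -n "s/^$2=\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Set KEY="VALUE": replace the existing line, or append one if the key is absent.
# Uses a temp file plus mv instead of sed -i so it works on non-GNU sed too.
apf_set() {
    # $1 = file, $2 = key, $3 = value
    if grep -q "^$2=" "$1"; then
        sed "s|^$2=.*|$2=\"$3\"|" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
    else
        printf '%s="%s"\n' "$2" "$3" >> "$1"
    fi
}

# Return 0 only if the config is safe to load:
#  - DEVEL_MODE must be "0" (otherwise the firewall flushes every 5 minutes)
#  - IG_TCP_CPORTS must still contain 22, or the next "apf -r" cuts off ssh
apf_check() {
    # $1 = file
    [ "$(apf_get "$1" DEVEL_MODE)" = "0" ] || return 1
    case ",$(apf_get "$1" IG_TCP_CPORTS)," in
        *,22,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Demo on a constructed stand-in for /etc/apf/conf.apf (only the lines we touch).
demo() {
    f="${TMPDIR:-/tmp}/conf.apf.example.$$"
    cat > "$f" <<'EOF'
DEVEL_MODE="1"
IG_TCP_CPORTS="22"
IG_UDP_CPORTS=""
EOF
    # Open the services this box actually serves; everything else stays dropped.
    apf_set "$f" IG_TCP_CPORTS "22,25,53,80,110,143,443,993,995"
    apf_set "$f" IG_UDP_CPORTS "53"
    apf_set "$f" DEVEL_MODE 0
    if apf_check "$f"; then
        echo "conf ok, tcp ports: $(apf_get "$f" IG_TCP_CPORTS)"
    else
        echo "conf NOT safe to load" >&2
    fi
    rm -f "$f"
}

demo
```

On the real system you would point the helpers at /etc/apf/conf.apf, run apf_check, and only then "apf -r"; keep a second ssh session open while doing it, since this is exactly the situation DEVEL_MODE exists for.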

Remember, don't forget to install PortSentry and Snort as well.

Hope this helps.

Post by Newbie In Forum Jatimcom
