Besides all the measures one can put in place to prevent unauthorized access to one's VPS, it is clear that one should also be behind a firewall. Since I am already working with iptables and rules via Blockhosts, among other things, Advanced Policy Firewall (APF) is an obvious choice of firewall. APF is an iptables (netfilter) based software firewall that runs on Linux. It can be downloaded from R-fx Networks, among other places.

R-fx Networks describes its firewall as:

APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux.

A really good installation guide for APF can be found at HalfZeroCan. With APF installed and configured, all drop events can be found in /var/log/messages. However, /var/log/messages also contains drops from the kernel and other *.info events, so administration can sometimes seem a bit unmanageable. It can therefore be nice to have several log files, and as for APF drops, their appearance can get quite complex; see for example:

Jul 13 10:04:06 transdoshan kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:12:3F:92:E2:24 SRC=192.95.5.12 DST=84.120.112.12 LEN=40 TOS=0x04 PREC=0x00 TTL=240 ID=29203 DF PROTO=TCP SPT=34655 DPT=113 WINDOW=8760 RES=0x00 RST URGP=0
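To make the field layout of such a line easier to read, here is an added example (not part of the original post or of APF) that parses APF drop lines and separates them from the other entries in /var/log/messages. The function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Syslog header, the APF log prefix ("** IN_TCP DROP **"), then netfilter fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s"
    r"(?:\[[\s\d.]+\]\s)?\*\*\s(?P<chain>\S+)\sDROP\s\*\*\s(?P<rest>.*)$"
)

def parse_apf_drop(line):
    """Return a dict for an APF drop line, or None for any other syslog line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m["ts"], "host": m["host"], "chain": m["chain"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            # UDP lines repeat LEN (IP length, then UDP length): keep the first.
            event.setdefault(key, value)
        else:
            event["flags"].append(token)  # bare tokens such as DF, SYN, RST
    for port in ("SPT", "DPT"):
        if port in event:
            event[port] = int(event[port])
    return event

def split_messages(lines):
    """Separate parsed APF drops from the remaining raw log lines."""
    drops, other = [], []
    for line in lines:
        ev = parse_apf_drop(line)
        (drops if ev else other).append(ev or line)
    return drops, other

def top_sources(drops, n=3):
    """Most frequent source addresses among the parsed drops."""
    return Counter(d["SRC"] for d in drops).most_common(n)

SAMPLE = [  # first line is the one shown above; the rest are constructed
    "Jul 13 10:04:06 transdoshan kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:12:3F:92:E2:24 SRC=192.95.5.12 DST=84.120.112.12 LEN=40 TOS=0x04 PREC=0x00 TTL=240 ID=29203 DF PROTO=TCP SPT=34655 DPT=113 WINDOW=8760 RES=0x00 RST URGP=0",
    "Jul 13 10:04:09 transdoshan kernel: ** IN_UDP DROP ** IN=eth0 OUT= SRC=203.0.113.7 DST=84.120.112.12 LEN=78 TOS=0x00 PREC=0x00 TTL=115 ID=411 PROTO=UDP SPT=1027 DPT=137 LEN=58",
    "Jul 13 10:04:11 transdoshan kernel: ** IN_TCP DROP ** IN=eth0 OUT= SRC=203.0.113.7 DST=84.120.112.12 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=977 DF PROTO=TCP SPT=4021 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0",
    "Jul 13 10:05:12 transdoshan kernel: eth0: link up",
    "Jul 13 10:05:30 transdoshan sshd[2211]: Accepted publickey for admin from 198.51.100.4 port 50122 ssh2",
]
```

Calling `split_messages(SAMPLE)` returns the three drops as dictionaries and leaves the two unrelated lines untouched, which is the same separation the separate log files are meant to give.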

This is what my drops look like now, after following the guide below:

This tutorial will show you how to configure the system to have different log files for APF drop events and kernel events. We also show how to set up related software to read the correct APF drop log files (like BFD and AntiDos, also from rfx).

This config only works with APF 0.9.6 (a tweak has been done for the 0.9.5 version; see here).
Please note that the current version of Interworx's APF is 0.9.5, and this tutorial has not been tested with this version of APF (0.9.5). If needed, you may upgrade APF to version 0.9.6. We have a few interworx-cp boxes with this APF version without any problems.