APF as a firewall tool
Working in a hosting company brought some standards of use. Personally, I always have a handy premade set of "iptables" rules in one file which I copy and modify at need for my servers, like I suppose majority of system administrators do.
Although I do manage APF tool on my work, just recently I have put it in my personal use.
APF is netfilter (iptables based) firewall system designed to cover all advanced needs of your workstation for net filtering.I will just mention a few of its features that are most interesting to me and maybe will draw your attention:
- Detailed and well commented configuration file (very easy to modify and adjust to user's personal needs)
- Reactive address blocking (RAB), next generation in-line intrusion prevention
- Fast load feature that allows for 1000+ rules to load in under 1 second
- Spamhaus don't route or Peer List support to ban known ìhijacked zombie IP blocks
- Intelligent route verification to prevent embarrassing configuration errors
Those are just a few, they have on their website a lot more, that or more or less useful. Overall, I think it's a good practice to introduce APF to your workstation, and let the filtering go at ease.Anyhow, if you feel curious about it, google "APF firewall" and it'll bring you right to their website.
For you who have experience with APF or maybe even better project, please feel welcome to comment.