Filewatcher File Search File Search
Content Search
» » » » »


easy iptables based firewall system

Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today's Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, from top to bottom of the configuration file. The management of APF on a day-to-day basis is conducted from the command line with the 'apf' command, which includes detailed usage information and all the features one would expect from a current and forward thinking firewall solution.

Summary of features: * detailed and well commented configuration file * granular inbound and outbound network filtering * user id based outbound network filtering * application based network filtering * trust based rule files with an optional advanced syntax * global trust system where rules can be downloaded from a central management server * reactive address blocking (RAB), next generation in-line intrusion prevention * debug mode provided for testing new features and configuration setups * fast load feature that allows for 1000+ rules to load in under 1 second * inbound and outbound network interfaces can be independently configured * global tcp/udp port & icmp type filtering with multiple methods of executing filters (drop, reject, prohibit) * configurable policies for each ip on the system with convenience variables to import settings * packet flow rate limiting that prevents abuse on the most widely abused protocol, icmp * prerouting and postrouting rules for optimal network performance * block list support to ban networks exhibiting suspicious activity * spamhaus Don't Route Or Peer List support to ban known "hijacked zombie" IP blocks * any number of additional interfaces may be configured as firewalled (untrusted) or trusted (not firewalled) * additional firewalled interfaces can have there own unique firewall policies applied * intelligent route verification to prevent embarrassing configuration errors * advanced packet sanity checks to make sure traffic coming and going meets the strictest of standards * filter attacks such as fragmented UDP, port zero floods, stuffed routing, arp poisoning and more * configurable type of service options to dictate the priority of different types of network traffic * intelligent default settings to meet every day server setups * dynamic configuration of your servers local DNS revolvers into the firewall * optional filtering of common p2p applications * optional filtering of private & reserved IP address space

Package version:9.7+rev1-3


apf-firewall for Debian

On your first installation of APF it will come pretty bare in the way of 
preconfigured options, this is intentional. The most common issue with many
firewalls is that they come configured with so many options that a user may
never use or disable, that it leaves systems riddled with firewall holes.

APF comes configured with only a single incoming p


[disclaimer: work in progress still]
APF (Advanced Policy Firewall) - 9.7 []
 Copyright (C) 1999-2007, R-fx Networks <>
 Copyright (C) 2007, Ryan MacDonald <>

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of th


Running the provided install script will setup the dshield client to parse APF
iptable logs daily and submit a summary report to for inclusion
into global attack trends. This feature is directly related to the dsheild drop
list as such list is possible by providing the site with live world
firewall event logs.

Simply execute the install script and a preconfigured setup of 


APF(1)                                                        APF(1)

       apf - easy iptab


apf-firewall (9.7+rev1-3) unstable; urgency=low

  * [7e08452] Added iproute in Depends (Closes: #63


- 9.7
[Fix] added stricter checking of local addresses in the trust system
[Fix] if wget dis


This package was debianized by Giuseppe Iuculano <> on
Sun, 17 Aug 2008 17:45:41

Browse inside apf-firewall_9.7+rev1-3_all.deb

         [DIR]DEBIAN/ (6)  65535+ mirrors
         [DIR]etc/ (5)  65535+ mirrors
         [DIR]usr/ (2)  65535+ mirrors

Download apf-firewall_9.7+rev1-3_all.deb

Results 1 - 1 of 1
Help - FTP Sites List - Software Dir.
Search over 15 billion files
© 1997-2017