http://www.webhostgear.com/61.html
http://www.webhostgear.com/forums/showthread.php?t=212
http://www.crucialp.com/resources/tutorials/secure-server-securing/how-to-install-apf-advanced-policy-firewall.php
OR
APF with AntiDOS Installation
===================
Login to your server through SSH as root user.
1. cd /usr/src or another temporary folder where you store your files.
2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3. tar -xvzf apf-current.tar.gz
4. cd apf-0.9.6-1/ or whatever the latest version is.
5. Run the install file: ./install.sh
You will receive a message saying it has been installed.
APF CONFIGURATION
==============
Edit /etc/apf/conf.apf:
1) Change USE_DS="0" to USE_DS="1"
2) Change the Value of IG_TCP_CPORTS to
IG_TCP_CPORTS="21,22,25,26,53,80,110,143,443,465,953,993,995,2082,2083,2086,2087,2095,2096,3306,5666,3000_3500"
3) Change the Value of IG_UDP_CPORTS to
IG_UDP_CPORTS="53"
4) The value of EGF should be EGF="1"
5) Change the value of EG_TCP_CPORTS to
EG_TCP_CPORTS="21,25,37,53,80,110,113,443,43,873,953,2089,3306"
6) Change the Value of EG_UDP_CPORTS to
EG_UDP_CPORTS="20,21,53,873,953,6277"
7) Change the value of USE_AD to
USE_AD="1"
8) Please note that there is no COMMENT SYMBOL (#) to the left of each CONSTANT.
9) Change the Value of DEVEL_MODE to
DEVEL_MODE="1"
10) Save and quit.
11) From the shell, run
chkconfig --del apf
apf -s
12) Run tail -f /var/log/apf_log for about ten minutes.
13) If there are no issues and the firewall gets flushed every five minutes,
you can open the conf file and set DEVEL_MODE to 0, that is, change it to DEVEL_MODE="0"
******************************************************************************************************
The APF rulesets for the Ensim and Plesk control panels follow.
----Ensim -----
IG_TCP_CPORTS="21,22,25,53,80,110,143,443,19638"
IG_UDP_CPORTS="53"
EGF="1"
EG_TCP_CPORTS="21,22,25,53,80,110,443"
EG_UDP_CPORTS="20,21,53"
----Plesk -----
IG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,8443"
IG_UDP_CPORTS="37,53,873"
EGF="1"
EG_TCP_CPORTS="20,21,22,25,53,37,43,80,113,443,465,873,5224"
EG_UDP_CPORTS="53,873"
******************************************************************************************************
I think it's better to explain what all these ports are doing and want to suggest adding a few more ports to the conf file.
Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,22,25,53,80,110,143,465,953,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,3000_3500"
Note: If you changed the port for SSH, be sure to include that port and remove port 22.
21 FTP (TCP)
22 SSH (TCP)
25 SMTP (TCP)
53 DNS - Domain Name Server (TCP)
80 HTTP (TCP)
110 POP3 (TCP)
143 IMAP (TCP)
443 HTTPS (TCP)
465 sSMTP (TCP)
953 ??BIND??
993 IMAP4 protocol over TLS/SSL (TCP)
995 POP3 protocol over TLS/SSL (was spop3) (TCP)
2082 CPANEL (http://sitename.com:2082) (TCP)
2083 CPANEL SSL (https://sitename.com:2083) (TCP)
2084 entropychat server (disable from CPANEL service manager if not used) (TCP)
2086 WHM (http://sitename.com:2086) (TCP)
2087 WHM SSL (https://sitename.com:2087) (TCP)
2095 WebMail (http://sitename.com:2095) (TCP)
2096 WebMail SSL (https://sitename.com:2096)
3306 mySQL remote access (TCP)
6666 Melange chat Server (disable from CPANEL service manager if not used) (TCP)
7786 Interchange (TCP)
3000_3500
-----
5100 for ASP,
8080 and 8443 for JSP if you use them.
-----
Common ingress (inbound) UDP ports
IG_UDP_CPORTS="53,6277"
-----
53 DNS - Domain Name Server
6277 SpamAssassin / DCC (email scanning)
-----
Common ICMP (inbound) types
IG_ICMP_TYPES="3,5,11,0,30,8"
-----
0 Echo Reply
3 Destination Unreachable
5 Destination Unreachable
8 Echo
11 Time Exceeded
30 Traceroute
-----
Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,37,53,80,110,113,#123,443,43,873,953,2089,2703,3306"
-----
21 FTP
25 SMTP
37 Required for CPANEL Licensing
53 DNS - Domain Name Server
80 HTTP
110 POP3 (if you have scripts that need to retrieve email via POP, e.g. HelpDesk)
113 Authentication Protocol (AUTH)
123 NTP (Network Time)
443 HTTPS
43 WHOIS
873 rsync (CPanel updates)
953 BIND ??
2089 Required for CPANEL Licensing
2703 Razor (email scanning)
3306 mySQL remote access
-----
Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53,873,953,6277"
-----
20 ftp-data
21 FTP
53 DNS - Domain Name Server
873 rsync
953 BIND ??
6277 SpamAssassin / DCC (email scanning)
-----
Common ICMP (outbound) types
EG_ICMP_TYPES="all"
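A check that can be run on a copy of conf.apf before apf -s, as an added example (not from the original page and not part of APF): it lints the four *_CPORTS values and flags DEVEL_MODE="1". The syntax rules, the function names and the sample input are assumptions constructed for illustration.

```shell
# Added example (not part of APF): lint the port lists in an APF conf file.
# Assumed syntax: comma-separated ports 1-65535, ranges written low_high
# (3000_3500), whole value enclosed in double quotes.
report() { echo "$1"; FINDINGS=$((FINDINGS + 1)); }

# check_port_list NAME VALUE: report every entry that is not a port or range.
check_port_list() {
    old_ifs=$IFS; IFS=,; set -f
    for item in $2; do
        lo=${item%%_*}; hi=${item##*_}
        case $item in
            ''|*[!0-9_]*|_*|*_|*_*_*) report "$1: bad entry '$item'"; continue ;;
        esac
        [ ${#lo} -le 5 ] && [ ${#hi} -le 5 ] && [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] &&
            [ "$lo" -le "$hi" ] || report "$1: out-of-range entry '$item'"
    done
    IFS=$old_ifs; set +f
}

# lint_apf_conf FILE: print findings; return 0 only if the file is clean.
lint_apf_conf() {
    FINDINGS=0
    while IFS= read -r line; do
        name=${line%%=*}; value=${line#*=}
        case $line in
            [IE]G_TCP_CPORTS=\"*\"|[IE]G_UDP_CPORTS=\"*\")
                value=${value#\"}; value=${value%\"}; check_port_list "$name" "$value" ;;
            [IE]G_TCP_CPORTS=*|[IE]G_UDP_CPORTS=*)
                report "$name: value is not enclosed in double quotes" ;;
            DEVEL_MODE=\"1\")
                report "DEVEL_MODE is still 1: rules get flushed every five minutes" ;;
        esac
    done < "$1"
    [ "$FINDINGS" -eq 0 ]
}

# Constructed sample with typical copy-paste damage: stray spaces, a stray '#',
# a missing closing quote, and development mode left on.
sample_conf() {
    cat <<'EOF'
IG_TCP_CPORTS="21,22,25,993, 995,2082,2083,2 084,3000_3500"
IG_UDP_CPORTS="53,6277
EG_TCP_CPORTS="21,25,113,#123,443,43, 873,953,2089,27 03,3306"
EG_UDP_CPORTS="20,21,53,873,953,6277"
DEVEL_MODE="1"
EOF
}
tmp=$(mktemp); sample_conf > "$tmp"
lint_apf_conf "$tmp" || echo "$FINDINGS finding(s): fix before running apf -s"
rm -f "$tmp"
```

On the server, call lint_apf_conf /etc/apf/conf.apf after editing the file.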
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
To add an IP address to the allow list:
/etc/apf/apf -a 68.188.219.181