APF (Advanced Policy Firewall) is an easy to install and configure firewall package that many users choose to run on their WHM/Cpanel servers for security. The installation and configuration need to be done via an ssh connection as root. Here are the steps involved:

Log in as root, then run the following commands, one at a time.

(If you receive an error message on any of the commands, check your typing or make note of the error and either search Google or your favorite search engine for the error, or open a ticket with support.)

wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

tar xzvf apf-current.tar.gz

cd apf-*


APF will notify you once the installation is complete. Once complete you will need to configure which ports the firewall allows. Using your favorite editor, edit the file. I’m using nano because it’s the simplest for new users.

nano /etc/apf/conf.apf

You will need to look for the portion of the file that contains “Common ingress (inbound) ports” and edit it so that it reflects these values:



# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=” 20,21,22,25,26,53,80,110,143,443,465,993,995,2077,2078,2082,

# Common ingress (inbound) UDP ports

# Common ICMP (inbound) types
# ‘internals/icmp.types’ for type definition; ‘all’ is wildcard for any

# Common egress (outbound) TCP ports

# Common egress (outbound) UDP ports

# Common ICMP (outbound) types
# ‘internals/icmp.types’ for type definition; ‘all’ is wildcard for any

Once this is done you can start the APF service by issuing the command:

/usr/local/sbin/apf -s

At this point you will need to test all of your ports functionality.  If everything is fine, you’ll need to edit your /etc/apf/conf.apf file one more time.  Find


and change it to


This will prevent APF from clearing itself every 5 minutes.  While that is useful for testing, you don’t want your rules disappearing regularly.