I installed apf firewall on a client machine to check that everything is Ok before I actually install apf on a production server.

Installation was easy, but then my browser cannot visit any url in the Internet - the computer is completely secured .

Well, for my testing purposes I set in /etc/apf/conf.apf

IG_TCP_CPORTS="22,25,80,443,995"
EG_TCP_CPORTS="22,25,80,443,995"
IG_UDP_CPORTS="53"
IG_UDP_CPORTS="53"

This is not quite correct, but I want to see a change - visit a url in the Internet. But my browser still not go to any url.

I want to test apf on the client computer (connected to the Internet via ADLS). Is it possible?
Please advice.

Thanks
Evgeny

Run a port scan against your host system.
Just FYI by installing APF doesn't mean your system is secure by far. There are many layers to administration of a web server, a firewall is only one layer.

Thank you

Steve

Hi,
can I use apf firewall on the client machine?

I currently use Bastille and browser can go to the Internet.

I'm just courious why my browser cannot go to the Internet when I start apf firewall with port 80 openned for both in and out streams?

Must I remove or stop my current Bastille before starting apf?

Waiting for your advice.
Evgeny

Evgeny,

Use only one firewall such as APF. Do not use APF and bastille combined or you'll get unexplained results. Unintall and remove bastille first.

You should have a firewall installed on your server. Whatever you have on your local machine is up to you depending on what OS it is.

Hi,

I uninstalled Bastille. Run apf firewall with open port 80 for "in" and "out".

IG_TCP_CPORTS="22,25,80,443,995"
EG_TCP_CPORTS="22,25,80,443,995"
IG_UDP_CPORTS="53"
IG_UDP_CPORTS="53"

Browser on the client machine still not able to go to the Internet. If I stop apf, the browser can access Internet. What is wrong?

Thanks
Evgeny

You need to read the APF tutoral here, there are many more ports to pen pending on the control panel you are using. Search Ev1 for APF and find the huge how-to on it for cPanel and they discuss which one's should be incoming and outgoing for it. But just setting 80 does'nt mean that the server will run.