How to Install and Uninstall apf-firewall Package on Ubuntu 21.04 (Hirsute Hippo)
Last updated: May 10,2024
1. Install "apf-firewall" package
In this section, we are going to explain the necessary steps to install apf-firewall on Ubuntu 21.04 (Hirsute Hippo)
$
sudo apt update
Copied
$
sudo apt install
apf-firewall
Copied
2. Uninstall "apf-firewall" package
This guide let you learn how to uninstall apf-firewall on Ubuntu 21.04 (Hirsute Hippo):
$
sudo apt remove
apf-firewall
Copied
$
sudo apt autoclean && sudo apt autoremove
Copied
3. Information about the apf-firewall package on Ubuntu 21.04 (Hirsute Hippo)
Package: apf-firewall
Architecture: all
Version: 9.7+rev1-5.1
Priority: optional
Section: universe/net
Origin: Ubuntu
Maintainer: Ubuntu Developers
Original-Maintainer: Debian QA Group
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 269
Depends: iptables, lsb-base, wget, iproute2
Filename: pool/universe/a/apf-firewall/apf-firewall_9.7+rev1-5.1_all.deb
Size: 86092
MD5sum: 16e258359cc63bbc558943eb8e5e6f68
SHA1: 94b334fffbf1692adebeb1806c57ba8686bbe6f9
SHA256: 3014aed1612c72d9dd2acde028b802efe83402fc5d9b1c6ba5ca3440420e099c
SHA512: 0093bc8dbac3327752fbac72a41a9e476dee8a936796344fd7b52ae2c647b354c03c64eaf3eedc4513ae3aee82133d8b1d8d3b567688f3f33baf168356c46abb
Homepage: http://www.rfxn.com/projects/advanced-policy-firewall/
Description-en: easy iptables based firewall system
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall
system designed around the essential needs of today's Internet deployed
servers and the unique needs of custom deployed Linux installations. The
configuration of APF is designed to be very informative and present the
user with an easy to follow process, from top to bottom of the
configuration file. The management of APF on a day-to-day basis is
conducted from the command line with the 'apf' command, which includes
detailed usage information and all the features one would expect from a
current and forward thinking firewall solution.
.
Summary of features:
* detailed and well commented configuration file
* granular inbound and outbound network filtering
* user id based outbound network filtering
* application based network filtering
* trust based rule files with an optional advanced syntax
* global trust system where rules can be downloaded from a central
management server
* reactive address blocking (RAB), next generation in-line intrusion
prevention
* debug mode provided for testing new features and configuration setups
* fast load feature that allows for 1000+ rules to load in under 1 second
* inbound and outbound network interfaces can be independently configured
* global tcp/udp port & icmp type filtering with multiple methods of
executing filters (drop, reject, prohibit)
* configurable policies for each ip on the system with convenience variables
to import settings
* packet flow rate limiting that prevents abuse on the most widely abused
protocol, icmp
* prerouting and postrouting rules for optimal network performance
* dshield.org block list support to ban networks exhibiting suspicious
activity
* spamhaus Don't Route Or Peer List support to ban known "hijacked zombie"
IP blocks
* any number of additional interfaces may be configured as firewalled
(untrusted) or trusted (not firewalled)
* additional firewalled interfaces can have there own unique firewall
policies applied
* intelligent route verification to prevent embarrassing configuration
errors
* advanced packet sanity checks to make sure traffic coming and going meets
the strictest of standards
* filter attacks such as fragmented UDP, port zero floods, stuffed routing,
arp poisoning and more
* configurable type of service options to dictate the priority of different
types of network traffic
* intelligent default settings to meet every day server setups
* dynamic configuration of your servers local DNS revolvers into the firewall
* optional filtering of common p2p applications
* optional filtering of private & reserved IP address space
Description-md5: 70a27f6569ccb5b877ccae4716aa7104
Architecture: all
Version: 9.7+rev1-5.1
Priority: optional
Section: universe/net
Origin: Ubuntu
Maintainer: Ubuntu Developers
Original-Maintainer: Debian QA Group
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 269
Depends: iptables, lsb-base, wget, iproute2
Filename: pool/universe/a/apf-firewall/apf-firewall_9.7+rev1-5.1_all.deb
Size: 86092
MD5sum: 16e258359cc63bbc558943eb8e5e6f68
SHA1: 94b334fffbf1692adebeb1806c57ba8686bbe6f9
SHA256: 3014aed1612c72d9dd2acde028b802efe83402fc5d9b1c6ba5ca3440420e099c
SHA512: 0093bc8dbac3327752fbac72a41a9e476dee8a936796344fd7b52ae2c647b354c03c64eaf3eedc4513ae3aee82133d8b1d8d3b567688f3f33baf168356c46abb
Homepage: http://www.rfxn.com/projects/advanced-policy-firewall/
Description-en: easy iptables based firewall system
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall
system designed around the essential needs of today's Internet deployed
servers and the unique needs of custom deployed Linux installations. The
configuration of APF is designed to be very informative and present the
user with an easy to follow process, from top to bottom of the
configuration file. The management of APF on a day-to-day basis is
conducted from the command line with the 'apf' command, which includes
detailed usage information and all the features one would expect from a
current and forward thinking firewall solution.
.
Summary of features:
* detailed and well commented configuration file
* granular inbound and outbound network filtering
* user id based outbound network filtering
* application based network filtering
* trust based rule files with an optional advanced syntax
* global trust system where rules can be downloaded from a central
management server
* reactive address blocking (RAB), next generation in-line intrusion
prevention
* debug mode provided for testing new features and configuration setups
* fast load feature that allows for 1000+ rules to load in under 1 second
* inbound and outbound network interfaces can be independently configured
* global tcp/udp port & icmp type filtering with multiple methods of
executing filters (drop, reject, prohibit)
* configurable policies for each ip on the system with convenience variables
to import settings
* packet flow rate limiting that prevents abuse on the most widely abused
protocol, icmp
* prerouting and postrouting rules for optimal network performance
* dshield.org block list support to ban networks exhibiting suspicious
activity
* spamhaus Don't Route Or Peer List support to ban known "hijacked zombie"
IP blocks
* any number of additional interfaces may be configured as firewalled
(untrusted) or trusted (not firewalled)
* additional firewalled interfaces can have there own unique firewall
policies applied
* intelligent route verification to prevent embarrassing configuration
errors
* advanced packet sanity checks to make sure traffic coming and going meets
the strictest of standards
* filter attacks such as fragmented UDP, port zero floods, stuffed routing,
arp poisoning and more
* configurable type of service options to dictate the priority of different
types of network traffic
* intelligent default settings to meet every day server setups
* dynamic configuration of your servers local DNS revolvers into the firewall
* optional filtering of common p2p applications
* optional filtering of private & reserved IP address space
Description-md5: 70a27f6569ccb5b877ccae4716aa7104
4. References on Ubuntu 21.04 (Hirsute Hippo)
5. The same packages on other Linux Distributions
Popular Linux Distros
Ubuntu
Arch
Linux Mint
Fedora
Kali Linux
Debian
openSuSE
CentOS
Oracle Linux
Rocky Linux
Manjaro
AlmaLinux
Amazon Linux
Red Hat Enterprise Linux