Tuesday, August 25, 2015

APF fail start due a kernel version not equal to 2.4.x or 2.6.x (Ubuntu Server with kernel 3.x)

In the LAST POST we could install APF over a ubuntu server but....... APF from ubuntu repository could not start service for these reason:

root@ngnix1:/home# apf -s
apf(1129): {glob} activating firewall
apf(1169): {glob} kernel version not equal to 2.4.x or 2.6.x, aborting.
apf(1129): {glob} firewall initalized

So we have to review our kernel: (Mine is 3.16)

root@ngnix1:/home# uname -a
Linux ngnix1 3.16.0-30-generic #40~14.04.1-Ubuntu SMP Thu Jan 15 17:43:14 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

It is know that fail is a confirmed BUG in launchpad (Here more info) but there are two ways to complete install of APF: (I prefer the second one)

1) Bug could be fixed with hard-coding
vim /etc/apf-firewall/internals/functions.apf
After line 70 (MEXT="ko") have to be added the following content : 
elif [ "$KREL" == "3.16" ]; then
        MEXT="ko"

Note: 3.16 = kernel I am using

Later, it have to look like this: (showing here lines 68 to 74)
if [ "$KREL" == "2.4" ]; then
        MEXT="o"
elif [ "$KREL" == "2.6" ]; then
        MEXT="ko"
elif [ "$KREL" == "3.16" ]; then
        MEXT="ko"
elif [ ! "$KREL" == "2.4" ] && [ ! "$KREL" == "2.6" ]; then
Then start APF (apf -s)
root@ngnix1:/home/wmunguiam# apf -s
apf(1283): {glob} activating firewall
apf(1323): {glob} determined (IFACE_IN) eth0 has address 66.263.215.18
apf(1323): {glob} determined (IFACE_OUT) eth0 has address 66.263.215.18
apf(1323): {glob} loading preroute.rules
apf(1323): {glob} loading reserved.networks
apf(1323): {glob} SET_REFRESH is set to 10 minutes
apf(1323): {glob} loading bt.rules
...
apf(1323): {glob} opening inbound tcp port 22 on 0/0
apf(1323): {glob} opening inbound tcp port 80 on 0/0
...
apf(1323): {glob} resolv dns discovery for 8.8.8.8
apf(1323): {glob} resolv dns discovery for 8.8.4.4
apf(1323): {glob} loading postroute.rules
apf(1323): {glob} default (egress) output accept
apf(1323): {glob} default (ingress) input drop
apf(1283): {glob} firewall initalized
apf(1283): {glob} fast load snapshot saved
root@ngnix1:/home#
And of course iptables -L will show you rules enabled.

2) removing APF from repository and installing the last version manually
Remove APF: apt-get remove apf-firewall



Download lastest version and install:

wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

tar -xzvf apf-current.tar.gz

cd apf-9.7-2/

./install.sh

Installing APF 9.7-2: Completed.

Installation Details: Install path: /etc/apf/ Config path: /etc/apf/conf.apf Executable path: /usr/local/sbin/apf

Then have to edit APF configuration file: /etc/apf/conf.apf by setting DEVEL_MODE disabled (0) and adding allowed ports (22 and 80 for example) for Ingress TCP pors (IG_TCP_CPORTS).

Finally ensure that APF run at startup with: sysv-rc-conf (Set 2 3 4 5 enabled for APF):


That is all :P

No comments:

Post a Comment