InterWorx Firewall Guide

1.1 Introduction:

1.1.1 What is a firewall?

A firewall is a device that analyzes incoming and outgoing network traffic and decides whether it should be allowed through or not based on a set of rules as determined by the user.

1.1.2 APF

InterWorx uses APF, which is an acronym for Advanced Policy Firewall. APF is a policy based iptables-based firewall. APF provides an easy to use front end for iptables.

1.2 Use

1.2.1 Firewall Control

figure images/nodeworx/firewall/firewallcontrol.png
Figure 1.1 Service Control for FireWall
In figure1.1 on page 1↑ you can see the box allows the user to start, restart, and stop APF via gui. [A] Start on boot-up

Toggles whether or not you wish that InterWorx starts APF when the system reboots.

1.3 Firewall Information

figure images/nodeworx/firewall/firewallinformation.png
Figure 1.2 This section displays and edits configuration information for APF (note: the default configuration is best for most users) Debug mode

When debug mode is enabled, all firewall rules are flushed every 5 minutes to prevent being locked out of the server due to a firewall misconfiguration. Default Type of Service

Defines the default type of service (Maximize Reliaibility, Maximize Throughput, Minimize Delay). TCP Drop Policy

Defines how to handle TCP packet filtering. “Reset” sends a tcp-reset message, “Drop” silently drops the packet, “Reject” rejects the packet. UDP Drop Policy

Defines how to handle UDP packet filtering. “Reset” sends an icmp-port-unreachable message, “Drop” will silently drop the packet, “Reject” will reject the packet, and “Prohibit” will send an icmp-host-prohibited message. Block Multicasting

Defines if the firewall should block multicast traffic. Block Private Networks

Defines if the firewall should block all private ipv4 addresses (reserved address space, generally unroutable on the internet). If the server sites behind a NAT or other routing setup that would make use of private addressing, leave this option “Off”. Max Sessions

Defines the maximum number of connection tracking entries that can be handled by the firewall simultaneously. Sysctl TCP

Enables or Disables sysctl hook changes to harden the kernel from certain network-based attacks. Untrusted Interface

All traffic on defined interface will be subject to all firewall rules. This should be your internet exposed interface. Trusted Interfaces

All traffic on defined interface(s) will bypass all firewall rules.
Click ’Update’ to commit changes.

1.4 Global IP Access Control

figure images/nodeworx/firewall/firewallaccesscontrol.png
Figure 1.3 Gloal IP Access Control Trusted IPs

Add one trusted IP per line to allow all traffic to and from that address. Blocked IPs

Add one blocked IP to prevent all traffic to and from that address.

1.5 Port Access

figure images/nodeworx/firewall/firewallportaccess.png
Figure 1.4 Port Access Table
This table is used to open and close specific ports on your firewall. The port rules defined here will apply to all incoming IPs that are not defined in either the Trusted or Blocked IP lists. (Note: The default configuration is best for most users.)
Note: Port 2443 must be open for the control panel to function correctly.


The panel will automatically indicate whether or not APF is running.

Was this answer helpful?

 Print this Article

Also Read

InterWorx Installation Requirements

Operating System Support InterWorx is a Linux based hosting control panel. Linux is the most...

InterWorx Server Administrator FTP Guide

1.1 What is FTP? FTP, or File Transfer Protocol, is a standard network protocol used to...

How to change the port InterWorx Control Panel runs on?

it should only be done in extreme cases such as if you are behind a firewall and do not have...

InterWorx Cluster Installation Requirements

It is important to note that the Cluster Panel is essentially the InterWorx Control Panel in...

Add ioncube_loader

download the correct version of ioncube here: and then create...