Category: How to: Manage Firewall Options


InterWorx Control Panel integrates with the APF iptables firewall system. Users have fine-grained control over the firewall configuration on the server, including individual port control and global IP allow and deny lists.

The following procedures explain how to configure firewall options using InterWorx Control Panel. The most common configuration options are exposed in the InterWorx Control Panel interface. As with many of the system services, a system administrator still retains the ability to configure the service by editing the configuration file directly.

Firewall Options Reference:

Firewall Debug Mode 
When Debug Mode is On, the firewall rules are automatically flushed every 5 minutes. This lets you test your firewall rules and prevents you from locking yourself out of your system. Once you have the firewall set up, turn debug off.

Default Type of Service 
Setting this option affects network response. The options are:

  • Minimum delay – Set this option when low latency (the time it takes for data to travel from the source host to the destination host) is most important.
  • Maximum throughput – Set this option when the volume of data transmitted in any period of time is important, and latency is less important.
  • Maximum reliability – Set this option when it is important that you have some certainty that the data will arrive at the destination without retransmission being required.

Linux Network Administrators Guide

TCP Drop Policy 
Setting this option determines how TCP packets are filtered. The options are:

  • Reset – Sends a tcp-reset. This is the TCP/IP default.
  • Drop – Drops the packet.
  • Reject – Rejects the packet.

UDP Drop Policy 
Setting this option determines how UDP packets are filtered. The options are:

  • Reset – Sends a tcp-reset response. This is the TCP/IP default.
  • Drop – Drops the packet.
  • Reject – Rejects the packet.
  • Prohibit – Sends an icmp-host-prohibited response.

Block Multicasting 
Set this option if you intend to participate in the MBONE, a high bandwidth network on top of the Internet which carries audio and video broadcasts.

More about MBONE

Block Private Networks 
Set this option to block all private IPv4 addresses. Leave this option off if this host resides behind a firewall with NAT or routing scheme that otherwise uses private addressing.

Maximum Sessions 
This is the maximum number of “sessions” (connection tracking entries) that the firewall can handle simultaneously in kernel memory. Setting this value too high simply wastes memory; setting it too low may result in some or all connections being refused, in particular during denial of service attacks.

Sysctl TCP 
These are sysctl hook changes that further harden the kernel against network attack trends by lowering standard time-out values and other time-based packet responses.


  1. Click the Server menu item if it is not already open.
  2. Click the Firewall menu item.
  3. Locate the Firewall Information section.
  4. Change the option(s) you wish to update to the desired value(s).
  5. Click the Update button.
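
For administrators who edit the configuration file directly rather than through the panel, the following added example (not InterWorx or APF code) audits an APF-style config file for three of the options above: debug mode, the TCP/UDP drop policies, and Maximum Sessions. The key names `DEVEL_MODE`, `TCP_STOP`, `UDP_STOP` and `SYSCTL_CONNTRACK`, the upper-case policy values, the conntrack counter path and the 80% threshold are assumptions, not taken from this page.

```shell
#!/bin/sh
# Key names and upper-case values are assumed to match APF's conf.apf.

# Print the value assigned to KEY in FILE (last assignment wins).
apf_get() {
    awk -F= -v k="$2" '$1 ~ ("^[ \t]*" k "$") { v = $2; sub(/#.*/, "", v)
        gsub(/[ \t"]/, "", v); val = v } END { print val }' "$1"
}

# Usage: apf_audit CONF [CONNTRACK_COUNT_FILE]; returns 1 if anything is flagged.
apf_audit() {
    count_file=${2:-/proc/sys/net/netfilter/nf_conntrack_count}; rc=0
    # Debug mode flushes the rules every 5 minutes, so it must end up off.
    devel=$(apf_get "$1" DEVEL_MODE)
    [ "$devel" = "0" ] || { echo "WARN DEVEL_MODE=${devel:-unset}: rules flush every 5 minutes"; rc=1; }
    # Drop policies: Prohibit is listed for UDP only.
    for key in TCP_STOP UDP_STOP; do
        val=$(apf_get "$1" "$key")
        case "$key:$val" in
            *:RESET|*:DROP|*:REJECT|UDP_STOP:PROHIBIT) echo "OK   $key=$val" ;;
            *) echo "WARN $key=${val:-unset}: not a listed policy"; rc=1 ;;
        esac
    done
    # Maximum Sessions: compare the configured ceiling with live usage.
    max=$(apf_get "$1" SYSCTL_CONNTRACK)
    case "$max" in
        ''|*[!0-9]*|0) echo "WARN SYSCTL_CONNTRACK=${max:-unset}: not a positive integer"; rc=1 ;;
        *)  [ -r "$count_file" ] || return "$rc"
            used=$(cat "$count_file")
            if [ $((used * 100)) -ge $((max * 80)) ]; then  # 80% is an example threshold
                echo "WARN conntrack $used/$max: close to Maximum Sessions"; rc=1
            else
                echo "OK   conntrack $used/$max"
            fi ;;
    esac
    return "$rc"
}

# Constructed sample (not from a real server): debug on, invalid TCP policy, table 90% full.
apf_demo() {
    d=$(mktemp -d)
    printf '%s\n' 'DEVEL_MODE="1"' 'TCP_STOP="PROHIBIT"' 'UDP_STOP="PROHIBIT"' \
        'SYSCTL_CONNTRACK="1000"  # max sessions' > "$d/conf.apf"
    echo 900 > "$d/count"
    apf_audit "$d/conf.apf" "$d/count" && r=0 || r=1
    rm -rf "$d"; return "$r"
}

if [ "$#" -gt 0 ]; then apf_audit "$@"; fi
```

Run it with the path to the firewall configuration file as the first argument, or call `apf_demo` to see the output for the constructed sample.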
Citation Source: APFFirewall
Nov 15, 2012, 5:41 pm. By: InterWorx