APF stands for Advanced Policy Firewall. “APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike.” (from the APF home page)
In layman’s terms, a firewall is a piece of software which blocks software ports on a computer. Think of ports as doors in the server software. There are thousands of such doors on a computer, and each program which accesses other computers on the Internet uses a port. The trick is to leave the needed ports open while closing others because, if left open, people and software will use them to cause problems on your server or to install things on your server to cause problems on yours and other people’s server(s). APF is an enhanced version of iptables, a firewall that comes standard on most Linux web servers (but may or may not be enabled).
Each port has a number. For example, the apache web server uses port 80, and the qmail smtp (outgoing) mail server uses port 25. InterWorx uses 2443. There are many more. If an incorrect port is blocked something will not work; similarly every open port leaves your server vulnerable. APF will leave these and other needed ports open, but close all others.
You can also block all access from certain IPs or IP blocks of suspected troublemakers.
For more info on APF visit http://rfxnetworks.com/apf.php