apf-firewall - easy iptables based firewall system

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main amd64
Package name apf-firewall
Package version 9.7+rev1
Package release 3+deb8u1
Package architecture all
Package type deb
Installed size 298 B
Download size 96.94 KB
Official Mirror ftp.br.debian.org
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall
system designed around the essential needs of today's Internet deployed
servers and the unique needs of custom deployed Linux installations. The
configuration of APF is designed to be very informative and present the
user with an easy to follow process, from top to bottom of the
configuration file. The management of APF on a day-to-day basis is
conducted from the command line with the 'apf' command, which includes
detailed usage information and all the features one would expect from a
current and forward thinking firewall solution.
Summary of features:
* detailed and well commented configuration file
* granular inbound and outbound network filtering
* user id based outbound network filtering
* application based network filtering
* trust based rule files with an optional advanced syntax
* global trust system where rules can be downloaded from a central
management server
* reactive address blocking (RAB), next generation in-line intrusion
* debug mode provided for testing new features and configuration setups
* fast load feature that allows for 1000+ rules to load in under 1 second
* inbound and outbound network interfaces can be independently configured
* global tcp/udp port & icmp type filtering with multiple methods of
executing filters (drop, reject, prohibit)
* configurable policies for each ip on the system with convenience variables
to import settings
* packet flow rate limiting that prevents abuse on the most widely abused
protocol, icmp
* prerouting and postrouting rules for optimal network performance
* dshield.org block list support to ban networks exhibiting suspicious
* spamhaus Don't Route Or Peer List support to ban known "hijacked zombie"
IP blocks
* any number of additional interfaces may be configured as firewalled
(untrusted) or trusted (not firewalled)
* additional firewalled interfaces can have there own unique firewall
policies applied
* intelligent route verification to prevent embarrassing configuration
* advanced packet sanity checks to make sure traffic coming and going meets
the strictest of standards
* filter attacks such as fragmented UDP, port zero floods, stuffed routing,
arp poisoning and more
* configurable type of service options to dictate the priority of different
types of network traffic
* intelligent default settings to meet every day server setups
* dynamic configuration of your servers local DNS revolvers into the firewall
* optional filtering of common p2p applications
* optional filtering of private & reserved IP address space


Package Version Architecture Repository
apf-firewall_9.7+rev1-3+deb8u1_all.deb 9.7+rev1 all Debian Main
apf-firewall - - -


Name Value
iproute -
iptables -
lsb-base -
wget -


Type URL
Binary Package apf-firewall_9.7+rev1-3+deb8u1_all.deb
Source Package apf-firewall

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install apf-firewall deb package:
    # sudo apt-get install apf-firewall




2017-04-28 - Adrian Bunk <bunk@debian.org>
apf-firewall (9.7+rev1-3+deb8u1) jessie; urgency=medium
* QA upload.
* Set maintainer field to Debian QA Group.
* Add patch from Christoph Biedl to make it work with
kernel 3.x and newer. (Closes: #701674)
2011-07-15 - Giuseppe Iuculano <iuculano@debian.org>
apf-firewall (9.7+rev1-3) unstable; urgency=low
* [7e08452] Added iproute in Depends (Closes: #631594)
* [a219c1e] Refreshed reserved.networks files (Closes: #627157)
* [77f1a7c] Fixed the check_rab function (Closes: #633649)
* [803f5fb] Bump to Standards-Version 3.9.2, no changes needed
2010-03-03 - Giuseppe Iuculano <iuculano@debian.org>
apf-firewall (9.7+rev1-2) unstable; urgency=low
* [979a674] Updated my email address
* [a64f71f] Bump Standards-Version, no changes needed
* [f8d719f] init: Added $network $local_fs $remote_fs in Required-Stop
* [cc35d15] Added a README.source
2009-07-14 - Giuseppe Iuculano <giuseppe@iuculano.it>
apf-firewall (9.7+rev1-1) unstable; urgency=low
* [2a35eda] Imported Upstream version 9.7+rev1
* [99a4772] Refreshing patches
* [00800d6] debian/control: Updated homepage field
* [9e8cb5e] Updated to standards version 3.8.2 (No changes needed)
* [b0e956e] Added wget in Depends
2009-03-03 - Giuseppe Iuculano <giuseppe@iuculano.it>
apf-firewall (9.6+rev5-3) unstable; urgency=low
* [ee70a07] Do not run cron.daily if /etc/default/apf-firewall hasn't
RUN=yes. (Closes: #517961)
2009-02-25 - Giuseppe Iuculano <giuseppe@iuculano.it>
apf-firewall (9.6+rev5-2) unstable; urgency=low
* [a5773ac] debian/rules: Use dh_prep instead of dh_clean -k and fix
dh-clean-k-is-deprecated lintian warning
* [79ba2e5] debian/copyright: Use © symbol and fix copyright-with-old-
dh-make-debian-copyright lintian warning
* [623ba1e] debian/apf-firewall.init: Added log_end_msg to avoid bad
* [0c18b65] Switch to quilt
* [ade7c24] debian/patches/01_fix_path.patch: Use /usr/sbin/apf
instead of /etc/apf-firewall/apf
* [928ef93] debian/rules: Do not install /etc/apf-firewall/apf
* [cb21d95] debian/apf-firewall.logrotate: Added weekly, rotate 7, and
compress options
2008-08-29 - Giuseppe Iuculano <giuseppe@iuculano.it>
apf-firewall (9.6+rev5-1) unstable; urgency=low
* Initial release (Closes: #495284)

See Also

Package Description
apf-server_0.8.4-1+b1_amd64.deb Server for Active Port Forwarding
apg_2.2.3.dfsg.1-2_amd64.deb Automated Password Generator - Standalone version
apgdiff_2.4-3_all.deb Another PostgreSQL Diff Tool
api-sanity-checker_1.98.6-1_all.deb automatic generator of basic unit tests for a C/C++ library API
aplus-fsf-dev_4.22.1-6_amd64.deb A+ programming language development environment
aplus-fsf-doc_4.22.1-6_all.deb A+ programming language documentation
aplus-fsf-el_4.22.1-6_all.deb XEmacs lisp for A+ development
aplus-fsf_4.22.1-6_amd64.deb A+ programming language run-time environment
apmd_3.2.2-15_amd64.deb Utilities for Advanced Power Management (APM)
apng2gif_1.5-3_amd64.deb tool for converting APNG images to animated GIF format
apngasm_2.7-1_amd64.deb assemble APNG animation from PNG/TGA image sequence
apngdis_2.5-1_amd64.deb deconstruct APNG file into a sequence of PNG frames
apngopt_1.2-1_amd64.deb optimize APNG animated images
apoo_2.2-2_all.deb An Assembly course aid
apophenia-bin_0.999b+ds3-2_amd64.deb Apophenia Statistical C Library -- binary package