2014/12/03

Fix the broken APF package on Debian/Ubuntu

The Debian / Ubuntu package for Advanced Policy Firewall (APF) seems a bit unmaintained. By default it won’t run without some initial tweaking. Note that they probably want everyone to just download and run the installer from their site nowadays, but that’s not how I roll (usually).

cd /etc/apf-firewall/internals
sudo cp -p functions.apf functions.apf.orig

1 2	cd /etc/apf-firewall/internals sudo cp -p functions.apf functions.apf.orig

In functions.apf, change the line

elif [ "$KREL" == "2.6" ]; then

1	elif [ "$KREL" == "2.6" ]; then

elif [ "$KREL" == "2.6" -o "${KREL:0:1}" == '3' ]; then

1	elif [ "$KREL" == "2.6" -o "${KREL:0:1}" == '3' ]; then

That allows the basic functionality of the software to work. Next, for the sake of upgrade-ability, I copy /etc/apf-firewall/conf.apf to /etc/apf-firewall/conf.apf.my. Then the only change needed to the installed config is to source the .my file. Here’s the bottom of the file:

##
# [Import misc. conf]
##
. /etc/apf-firewall/conf.apf.my

# Internal variable file
CNFINT="$INSTALL_PATH/internals/internals.conf"
. $CNFINT

# [Import misc. conf]

. /etc/apf-firewall/conf.apf.my

# Internal variable file

CNFINT="$INSTALL_PATH/internals/internals.conf"

. $CNFINT

Since it won’t work if you try to source the internals.conf file twice, you need to make sure that the last line in the .my file is commented or removed. Now you can edit the other values in the .my file to your liking. Remember to turn off devel mode and change /etc/default/apf-firewall when you’re satisfied with any config changes, then restart the service in the usual way.

Fix the broken APF package on Debian/Ubuntu is original content from devolve.

Tags:command line, Linux, networking, security, sysadmin

About The Author

Charlie Herron

Denizen of Portland, Maine; tech jack; lover / hater / whatever; philosophical dabbler. http://twitter.com/realgeek