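####################################################################
# APF (firewall)
#
# Everything below runs as root and executes installers fetched over
# plain HTTP. The page gives no checksum or signature for any of the
# downloads, so compare each file with a digest obtained from the
# publisher over a trusted channel before running its install.sh.
####################################################################
# We don't want log_traffic running, so move it out of cron.hourly.
# (The author also notes adding a cron job to delete it once a day;
# that job is not shown here.)
mv /etc/cron.hourly/log_traffic /root

# Chain the steps with && so that a failed download, extract or cd never
# leads to ./install.sh being run from whatever directory we happen to
# be in. NOTE(review): "apf-current" may unpack to a directory other
# than apf-0.9.6-3 once upstream releases a new version; in that case
# the cd fails and the installer is skipped rather than misdirected.
cd ~admin \
  && wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz \
  && tar xzvpf apf-current.tar.gz \
  && cd apf-0.9.6-3 \
  && ./install.sh

# Inbound TCP/UDP ports to open. 60000_60019 is the FTP passive range
# and must match PassivePorts in proftpd.conf (see the end of this file).
# NOTE(review): the TCP list includes 23 (telnet) and 21 (FTP), both
# cleartext; drop any port that has no listening service you need.
perl -p -i -e 's/IG_TCP_CPORTS=\"22\"/IG_TCP_CPORTS=\"21,22,23,25,53,80,110,143,443,81,444,465,587,783,873,993,995,5100,60000_60019\" /g' /etc/apf/conf.apf
perl -p -i -e 's/IG_UDP_CPORTS=\"\"/IG_UDP_CPORTS=\"53,60000_60019\"/g' /etc/apf/conf.apf

# The line below turns off devel mode. Don't do this until you are sure
# the rule set works as you want it to: with DEVEL_MODE=0 a mistake in
# the port list above stays in force and can lock you out.
# NOTE(review): run the restart once with DEVEL_MODE still at 1 and
# confirm SSH access before applying this substitution.
perl -p -i -e 's/^DEVEL_MODE=\"1\"/DEVEL_MODE=\"0\"/g' /etc/apf/conf.apf

# Add an address you control to the allow rules so you can always
# connect from it; otherwise you may be locked out of the server.
# The value below is the author's sample; substitute your own range.
#echo "d=22:s=209.216.51.0/24" >> /etc/apf/allow_hosts.rules

/etc/rc.d/init.d/apf restart

####################################################################
# BFD (brute force detection)
# http://www.webhostgear.com/60.html
####################################################################
# Same && chaining as for APF: install.sh only runs from inside the
# freshly extracted bfd-0.9 directory.
cd ~admin \
  && wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz \
  && tar -xvzf bfd-current.tar.gz \
  && cd bfd-0.9 \
  && ./install.sh

# Replace BFD's config with a third-party one. Only install it if the
# download succeeded, so a failed or partial fetch cannot overwrite
# conf.bfd.
# NOTE(review): this file comes from an unrelated host over plain HTTP
# and is used by a root-run tool; read it before moving it into place.
wget precisionweb.net/frank/confgeneric.bfd \
  && mv confgeneric.bfd /usr/local/bfd/conf.bfd

# Don't block some IP addresses. If you have a static IP put it here.
# The address below is the author's sample; substitute your own.
#echo "209.216.10.232" >> /usr/local/bfd/ignore.hosts

# Fetch the sshd rule file. As above, only install it when the download
# succeeded, and review its contents first: the perl edit further down
# shows that BFD rule files contain shell pipelines.
wget http://www.r-fx.ca/downloads/sshd \
  && mv -f sshd /usr/local/bfd/rules/

# Do not block based on anonymous logins.
perl -p -i -e 's/grep -w proftpd/grep -w proftpd \| grep -v anonymous/g' /usr/local/bfd/rules/proftpd

####################################################################
# proftpd - replace the existing container with the one below to set
# the passive port numbers
####################################################################
pico -w /etc/proftpd.conf

# The directives below are proftpd.conf content, not shell commands;
# they are kept as comments so this file stays runnable.
# NOTE(review): the container's opening and closing tags are not
# present in this copy (probably stripped as markup when the page was
# extracted). Take the tag names and nesting from the container that
# already exists in /etc/proftpd.conf.
#
#   TimesGMT off
#   DefaultChdir ../../web site-adm
#   AllowAll
#   IdentLookups off
#   MaxClientsPerHost 40
#   MaxClientsPerUser 40
#   DeferWelcome on
#   # stop regular users from FTPing
#   DenyAll
#   AllowGroup site-adm
#   AllowUser someotherusername
#   AllowUser admin
#   ServerIdent off
#   # set the passive port numbers to match firewall settings
#   PassivePorts 60000 60019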