Portal Home > Knowledgebase > Articles Database > Apf or CSF?
Apf or CSF?
| Posted by microbloghosting, 09-01-2009, 05:18 AM |
| Which firewall is better and easy to manage ?
Apf or CSF?
|
| Posted by khunj, 09-01-2009, 05:26 AM |
| I would say none of them, because they aren't firewall !
Just some kind of scripts/front-end to iptables which, itself, is already a front-end to the kernel netfilter.
|
| Posted by chrda, 09-01-2009, 05:43 AM |
| Both are good frontends for iptables, depends on taste and need i guess.
For a simple firewall frontend only, i can recommend apf.
If you need to be "spammed" with alert emails etc you can use CSF+LFD
CSF is updated more often than APF and have more functions.
You can try out APF first, and then CSF. CSF got a APF uninstall script with it.
|
| Posted by Hosting24, 09-01-2009, 06:03 AM |
| We have used APF and migrated to CSF later. CSF is easier to setup and manage (it's very important for persons who are not very experienced in server management).
If you ask my personal opinion, I love that CSF can be integrated into WHM and all settings can be changed with single mouse click. But some other persons hate this option for unknown reasons.
I would suggest you installing and running APF first, so you can see if it's "just the right firewall for you". If you feel it's to complex, just download and install CSF. It will uninstall APF for you in seconds and new fresh installation of CSF will be deployed.
|
| Posted by iTom, 09-01-2009, 06:07 AM |
| We have always preferred CSF, better for the clients to use with cPanel and DirectAdmin
|
| Posted by yajur, 09-01-2009, 06:26 AM |
| csf will be good if haveing whm and cpanel
|
| Posted by inspiron, 09-01-2009, 07:40 AM |
| I would say Csf when its comes to Cpanel. Easy to configure and manage.
|
| Posted by odishahost, 09-01-2009, 09:40 AM |
| If you are on a cpanel server, CSF would be the best. One others, APF would be good.
|
| Posted by petteyg359, 09-01-2009, 09:48 AM |
| I use CSF even on non-cPanel servers. Setup is a run-one-script deal, config is extremely well commented, and the default config will work for most systems.
|
| Posted by rootatmike, 09-01-2009, 03:20 PM |
| apf is bad and it is getting outdated soon, as well as it is not recommended by most hosting ppls .
it's better to go with CSF as it has more functionality than apf.
Thanks
|
| Posted by eth10, 09-01-2009, 03:38 PM |
| Yup CSF al the way just for the reason that it has more functionality compared to APF
|
| Posted by -Edward-, 09-01-2009, 03:50 PM |
| I must admit the spam from CSF is more than annoying, so much so - it's close to being removed!
|
| Posted by The-Pixel, 09-01-2009, 03:55 PM |
| I always found CSF to be much easier to use. I know ALOT of places that still use APF. I think it's really based on the 'users' preference. Best of luck!
|
| Posted by vectro, 09-01-2009, 04:15 PM |
| iptables is hard to manage without a front-end script. csf can also be configured detect "bad traffic" like flooding, DOS attacks and ssh/ftp break-in attempts. It can automatically block these things.
I have disabled alert messages for most things. I get minimal e-mails from csf. Basically I have it set so it only tells me if a user has uploaded a script which uses the server's mail function. Once it tells me that, I check to see if it's a spammer script. Besides than that, csf does a bunch of automated stuff on my server without telling me about it. This has been a saving grace!
WHM integration is one nice thing. I think some people don't care for it because you can do more by going into the server and editing the csf config file manually than you can just using WHM to config it.
That's the other great thing. You don't have to have cPanel/WHM.
The messages can be disabled with some editing of the well-commented config file so csf just works silently.
|
| Posted by tchryan, 09-02-2009, 05:41 AM |
| The difference between the update patterns of CSF and APF is that CSF is a suite of scripts/applications that require regular bug fixes and maintenance whereas APF is a straight up iptables management wrapper. As such, APF requires less maintenance, is prone to fewer bugs and has a very long standing mature release cycle.
So, to say APF is outdated could not be further from the truth, it simply does not require the same level of preventative maintenance as CSF. Further, in terms of firewall features - that is features specifically designed for packet filtering, APF is far ahead of CSF only exceeded by shorewall for host based iptables firewall software.
|
| Posted by santrix, 09-02-2009, 06:10 AM |
| I'm certainly no linux guru, but I have been running a WHM/cpanel setup for a year or so, and I installed APF when I originally prepared the box for production.
As tchryan says, it's just a very nice command-line wrapper for iptables. Does what it says on the tin, no fuss, no gimmicks, and therefore nothing to go wrong. OK, so you can't add rules directly from a web browser, but so what...
The only downside I have felt with APF is that even with BFD installed along side, it doesn't seem as reactive as CSF in cutting off the brute force attacks. This is one area where CSF clearly has an advantage at the moment, as far as I am aware (I'll probably get corrected now!)
|
| Posted by LP560, 09-02-2009, 07:10 AM |
| I've never got along with CSF, hate the thing, overly complicated!
APF is so simple, edit one file and thats it, add it to run on boot and leave, you cant get much easier than that.
|
| Posted by tjohnson3757, 09-02-2009, 08:17 AM |
| I have used both Apf first and now CSF and I like the way CSF works better. I like the WHM interface makes it easier.
|
| Posted by microbloghosting, 09-02-2009, 08:29 AM |
| Alright I will try CSF.
|
| Posted by andrewklau, 09-02-2009, 08:33 AM |
| I would say, for those who are lazy or not that advanced with firewall etc go with APF.
If you want to dig deep, spend a few extra hours and really harden your server go with CSF.
|
| Posted by pmabraham, 09-02-2009, 08:50 AM |
| Greetings:
Ditto on APF/BFD.
Thank you.
|
| Posted by BloodRed, 09-03-2009, 04:56 AM |
| APF and BFD for sure.
|
| Posted by petteyg359, 09-03-2009, 10:05 AM |
| I've never used APF, so I can't say any negative about it. I can negative things about BFD, though. CSF, with default settings, has blocked port scans coming from several dozen locations and dozens of attempts to log in to my server. While BFD was installed for the same period of time previously, it blocked a grand total of 2 log in attempts. I seriously doubt turning off BFD and installing CSF/LFD caused malicious traffic directed at my server to increase exponentially.
|
| Posted by SC-Daniel, 09-03-2009, 10:37 AM |
| APF / BFD are a solid combination and are VERY powerful. Some say that CSF poorly handles syn flood and other similar attacks and claim APF does a better job at handling them.
|
Add to Favourites 
Print this Article
Also Read
