APF - Blocking all traffic

I'm running APF on my server. There are only two ports that need inbound traffic, HTTP on 80 and SSH (let's say 7777) on a non-standard port. No other inbound traffic should be allowed, from anywhere.

I have IG_TCP_CPORTS="80,7777"

Does the above ingress setting mean that all other ports will not accept inbound traffic? If not, how do I ensure that no other ports are open?

What about TOS_DEF_TOS, TOS_0, TOS_4, TOS_8 and TOS_16? Need I change these default settings? Can you give me a brief description of what they are for? Not sure I understand.

What about BLK_P2P_PORTS? Do I need to change anything here?

I'm a bit paranoid and would like to block every aspect of my server that does not need to be open.

Thanks!