Web Hosting Talk

APF Firewall


Trimax
07-16-2003, 05:54 AM
I have installed APF Firewall on my box.
Do I need to reboot my box to have it start working?

D8Mike
07-16-2003, 05:57 AM
Every time you reboot your server you will need to restart the firewall.

/etc/init.d/apf start

UH-Matt
07-16-2003, 05:59 AM
try:
/etc/init.d/apf start

(edit) he beat me to it! :(

Trimax
07-16-2003, 07:54 AM
Ah.. I see..

Got it up, working and running!

But how secure is this firewall?

Can I be assured of 0 attempts to take over my server with this firewall?

UH-Matt
07-16-2003, 08:11 AM
A firewall doesn't stop people attempting to hack your server, nor does it guarantee a secure server. It simply filters packets.

There are many MANY more steps to take to secure a server and even then you are never 100% secure (unless you take the NIC out :)).

APF is one of the best firewalls though IMHO so you are off to a good start.

darksoul
07-16-2003, 08:11 AM
Originally posted by aLpHaBoI

But how secure is this firewall?

Can I be assured of 0 attempts to take over my server with this firewall?

No.
After all, did you close any of the vulnerable ports,
like http, ftp, ssh, smtp, pop3?
No, they're still open... so all attempts on those ports
will be successful.
In the default configuration that script
only protects already closed ports..., and if you have
the right iptables modules it might protect you against
some attacks.
But that's it.

Trimax
07-16-2003, 10:03 AM
Originally posted by darksoul
No.
After all, did you close any of the vulnerable ports,
like http, ftp, ssh, smtp, pop3?
No, they're still open... so all attempts on those ports
will be successful.
In the default configuration that script
only protects already closed ports..., and if you have
the right iptables modules it might protect you against
some attacks.
But that's it.

I have closed all ports except for ssh (port 22) and some ports which I use to run a shoutcast server.

darksoul
07-16-2003, 10:34 AM
That was a general example.
The idea is that a port that is not used,
i.e. there's no service running on that port, is not
vulnerable anyway, so protecting it with a firewall
hardly makes sense.
You'll never be able to protect vulnerable services
like smtp, for example, with a firewall, because
if you have a lot of customers you have to leave
this port open so they can use it from anywhere...

In your case, a firewall would make sense if
you configure it so that ssh is accessible only
from your IPs (this would be an extra layer of security over tcp wrappers).

Also, be aware that on a server with a lot of traffic a poorly
configured firewall slows the server, due to the fact that each packet will traverse the firewall till it finds a matching rule.
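The SSH restriction darksoul describes, written out as an added example (not code from the thread or from APF itself) in three layers: raw iptables rules ordered so that packets of already-accepted connections match the first rule (the rule-traversal cost mentioned above), the same policy expressed in APF's own config files, and the tcp_wrappers layer underneath. The admin addresses are constructed RFC 5737 documentation IPs; the APF `allow_hosts.rules` line format is an assumption to be checked against the README of the APF version in use.

```shell
#!/bin/sh
# Added example: restrict SSH to a short list of admin IPs.
# ADMIN_IPS are constructed documentation addresses, not real hosts.
ADMIN_IPS="203.0.113.10 198.51.100.7"

# Raw iptables rules. The ESTABLISHED,RELATED match is first so the bulk of
# traffic (packets of flows already accepted) is decided by one rule instead
# of walking the whole INPUT chain.
gen_iptables_rules() {
    ips="$1"
    port="${2:-22}"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    for ip in $ips; do
        echo "iptables -A INPUT -p tcp -s $ip --dport $port -m state --state NEW -j ACCEPT"
    done
    # Everyone else: drop new SSH attempts silently (no RST to fingerprint).
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j DROP"
}

# Same policy for APF. Assumption: take 22 out of IG_TCP_CPORTS in
# /etc/apf/conf.apf so the port is closed by default, then allow it per
# source in /etc/apf/allow_hosts.rules using the proto:flow:d=port:s=addr form.
gen_apf_allow_rules() {
    ips="$1"
    port="${2:-22}"
    for ip in $ips; do
        echo "tcp:in:d=$port:s=$ip"
    done
}

# The tcp_wrappers layer (sshd must be built with libwrap):
# /etc/hosts.allow lists the admins, /etc/hosts.deny closes the rest.
gen_hosts_allow() { echo "sshd: $1"; }
gen_hosts_deny()  { echo "sshd: ALL"; }

# Review helper: number of per-source ACCEPT rules in the generated set.
count_ssh_accepts() {
    gen_iptables_rules "$1" "$2" | grep -c -- "--state NEW -j ACCEPT"
}

# Print every layer for the constructed admin list (nothing is applied).
gen_iptables_rules "$ADMIN_IPS" 22
gen_apf_allow_rules "$ADMIN_IPS" 22
gen_hosts_allow "$ADMIN_IPS"
gen_hosts_deny
```

The script only prints the rules; apply the iptables lines by hand or let APF load the `allow_hosts.rules` entries with `apf -r`. Keep a second session open while testing so a typo in the source list does not lock you out.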

sprintserve
07-16-2003, 02:15 PM
Generally, you are on the right track, by closing unused ports. The short answer is no, it doesn't prevent people from trying. Does it work? It depends on what you are running on those ports, how vulnerable they are and so on.

It doesn't take long for a hacker to really find which ports are open and attempt a hack. Tools nowadays are quite efficient even when scanning all the ports.

Trimax
07-17-2003, 11:06 AM
Hmm.. Looks like I have to get myself a Dummy's Guide to Linux Security or something..

Another stupid question: Does running a firewall use your transfer?

NyteOwl
07-17-2003, 08:15 PM
No, but depending on how the rules are ordered and how much filtering it has to do it can slow your transfer slightly. It's a reasonable tradeoff.

Trimax
07-18-2003, 08:13 AM
Yet another question...

I have launched the APF firewall and disabled pings.

<correction>
After I've launched APF by using service apf start,
everything goes well, the ports are blocked and I can't ping the server. However, after 5 mins or so, I can ping and access blocked ports! I did not even stop the firewall! Is there something wrong?
</correction>

darksoul
07-18-2003, 09:47 AM
I suppose you read its config...
Check for the option that auto-disables the firewall
after 5 mins.

Trimax
07-18-2003, 10:10 AM
Got it.. Thank you for your help! :)
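Two post-install checks covering both surprises in this thread, as an added example (not code from the thread or from APF): D8Mike's point that the firewall does not come back after a reboot unless the init script is linked into the runlevels, and darksoul's point that APF flushes its own rules every five minutes while `DEVEL_MODE="1"` is still set in `/etc/apf/conf.apf`. Paths are parameters so the constructed files below can be checked offline; on a real box call the functions with no arguments. The cron-based flush behaviour and the `chkconfig` invocation are stated from APF and SysV-init practice of the period, not from the thread.

```shell
#!/bin/sh
# Added example: sanity-check a fresh APF install.

# Read DEVEL_MODE from an APF-style config; prints the value or "missing".
apf_devel_mode() {
    conf="${1:-/etc/apf/conf.apf}"
    val=$(grep -E '^[[:space:]]*DEVEL_MODE=' "$conf" 2>/dev/null \
          | tail -n 1 | sed -e 's/^[^=]*=//' -e 's/"//g')
    echo "${val:-missing}"
}

# True when the rules will persist; false when APF flushes them on a timer.
apf_rules_persist() {
    [ "$(apf_devel_mode "$1")" = "0" ]
}

# "enabled" when an S-link for apf exists in the runlevel directory
# (what `chkconfig --add apf && chkconfig apf on` creates), else "disabled".
apf_boot_state() {
    rc_dir="${1:-/etc/rc3.d}"
    for link in "$rc_dir"/S[0-9][0-9]apf; do
        if [ -L "$link" ] || [ -e "$link" ]; then
            echo enabled
            return 0
        fi
    done
    echo disabled
    return 1
}

# Constructed sample layout mimicking a fresh install: DEVEL_MODE as given,
# init script present, nothing linked into rc3.d yet.
make_sample_install() {
    root="$1"
    mkdir -p "$root/apf" "$root/init.d" "$root/rc3.d"
    printf '# constructed conf.apf\nDEVEL_MODE="%s"\nIG_TCP_CPORTS="22"\n' "$2" \
        > "$root/apf/conf.apf"
    : > "$root/init.d/apf"
}

# Human-readable report for a layout rooted at $1.
report() {
    root="$1"
    if apf_rules_persist "$root/apf/conf.apf"; then
        echo "DEVEL_MODE=0: rules will stay up"
    else
        echo "DEVEL_MODE=$(apf_devel_mode "$root/apf/conf.apf"): APF will flush itself every 5 minutes; set DEVEL_MODE=\"0\" and run apf -r"
    fi
    echo "boot: $(apf_boot_state "$root/rc3.d")"
}

# Demo against the constructed layout (shows both problems).
SAMPLE=$(mktemp -d)
make_sample_install "$SAMPLE" 1
report "$SAMPLE"
```

`DEVEL_MODE="1"` exists so a bad rule cannot lock you out while you are still writing the config; once the rule set is trusted, set it to `0` and restart APF, otherwise the behaviour Trimax saw (rules vanishing after about five minutes) is exactly what you get.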

WCHost
07-18-2003, 10:21 AM
Does APF work with cPanel?
Is there a so-called "How-To" thingy here?

Scotty_B
07-18-2003, 11:23 AM
There's a how-to on the rackshack forums which covers cPanel, just make sure you read it all as some of the earlier posts relate to old versions and no longer apply. Also read both threads, the one in the how-to's forum and the one in the security forum.