No firewall? Meet ufw the easiest firewall ever

Discussion in 'Tutorials and Guides' started by drmike, Oct 14, 2013.

  1. drmike

    drmike 100% Tier-1 Gogent

    For a long time I've been running Debian on a VPS instance wide open or with a stack of iptables commands. Been getting smacked by some bad traffic lately and after debugging all that, thought it was time for something a bit tidier and easier to deal with. Yes, iptables rocks, but it's a long learning curve and prone to massive screwups due to admin error.

    So let's install ufw:

    Code:

    # Install ufw
    sudo apt-get install ufw

    # ufw will NOT start post installation, so as to not lock you out

    # Open ports 22 and 80 (add others if needed)
    sudo ufw allow 22
    sudo ufw allow 80

    # Start ufw
    sudo ufw enable

    # Turn on logging (will put entries in /var/log/syslog)
    sudo ufw logging on

    # Get status of ufw
    sudo ufw status verbose

    # Disable ufw
    sudo ufw disable

    # Block a malicious IP with ufw (203.0.113.10 is a placeholder address;
    # rules match in order, so use "ufw insert 1 deny from ..." to place the
    # deny ahead of the allow rules above)
    sudo ufw deny from 203.0.113.10
     
    Last edited by a moderator: Oct 15, 2013
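
Added example (not part of drmike's post): with `ufw logging on` set as in the post above, this shell function tallies `[UFW BLOCK]` entries per source address to show which IPs are worth a deny rule. The function names and the embedded log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: tally ufw [UFW BLOCK] log entries per source address.

# Constructed sample of syslog lines (documentation addresses, shortened MAC).
sample_log() {
    cat <<'EOF'
Oct 14 03:12:01 vps kernel: [1001.10] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=244 PROTO=TCP SPT=40001 DPT=23 SYN URGP=0
Oct 14 03:12:02 vps kernel: [1002.20] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=244 PROTO=TCP SPT=40002 DPT=3306 SYN URGP=0
Oct 14 03:12:03 vps kernel: [1003.30] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e SRC=198.51.100.23 DST=203.0.113.5 LEN=40 TTL=244 PROTO=TCP SPT=40003 DPT=23 SYN URGP=0
Oct 14 03:12:04 vps kernel: [1004.40] [UFW ALLOW] IN=eth0 OUT= MAC=00:16:3e SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=52 PROTO=TCP SPT=50022 DPT=22 SYN URGP=0
Oct 14 03:12:05 vps sshd[812]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Oct 14 03:13:10 vps kernel: [1070.50] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e SRC=192.0.2.77 DST=203.0.113.5 LEN=44 TTL=48 PROTO=TCP SPT=51000 DPT=25 SYN URGP=0
Oct 14 03:14:00 vps kernel: [1120.60] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e SRC=192.0.2.200 DST=203.0.113.5 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0
Oct 14 03:14:01 vps kernel: [1121.70] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e SRC=192.0.2.200 DST=203.0.113.5 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0
EOF
}

# Usage: ufw_block_tally MIN < logfile
# Prints "COUNT SRC PORTS" for each source blocked at least MIN times,
# highest count first. PORTS lists the distinct destination ports that
# were hit ("-" when the packet had no port, e.g. ICMP).
ufw_block_tally() {
    min="${1:-1}"
    awk -v min="$min" '
        /\[UFW BLOCK\]/ {
            src = ""; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "") next          # malformed line, nothing to count
            count[src]++
            if (!((src, dpt) in seen)) { # record each port once per source
                seen[src, dpt] = 1
                if (src in ports) ports[src] = ports[src] "," dpt
                else ports[src] = dpt
            }
        }
        END {
            for (s in count)
                if (count[s] >= min) print count[s], s, ports[s]
        }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample: sources blocked at least twice.
sample_log | ufw_block_tally 2
```

Run it against the real log with `ufw_block_tally 5 < /var/log/syslog`. ufw matches rules in order, so a deny for a listed address has to sit ahead of the allow rules (`sudo ufw insert 1 deny from ADDRESS`) to cut it off from ports 22 and 80.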
  2. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    How does this compare to other solutions? I'm sure people will chime in with several different opinions, but I've never used UFW before except as a desktop firewall with its GUI.
     
  3. Amitz

    Amitz New Member

    CSF is so easy to install and maintain while it offers so much more than UFW - You should really give it a try! :)
     
  4. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    Any tips for CSF on a KVM VPS? Seems like even with default settings it just blocks everything. Been playing around with it on a dev box, while I haven't looked into it much, it doesn't perform as I remember it working on OpenVZ VPSes I've used it on.

    Or it could just be operator error. :|
     
  5. Amitz

    Amitz New Member

    Must be... ;-)


    I have it running on 8 VMs, some OpenVZ, some XEN, some KVM, even on dedicated servers - no issues at all.


    Are all necessary Kernel modules installed on the KVM?


    Run ./csftest.pl in the csf directory.
     
    Last edited by a moderator: Oct 14, 2013
  6. Alto

    Alto New Member

    I've hardly ever had UFW work properly on OVZ without applying a few tweaks, whereas it's always run flawlessly for me on KVM/Xen.
     
  7. drmike

    drmike 100% Tier-1 Gogent

    I am EXTREMELY interested in CSF with emphasis on working with OpenVZ.

    Anyone who uses CSF and could take 20 minutes to type up a current working tutorial would have my praises.
     
  8. Alto

    Alto New Member

    Last edited by a moderator: Oct 14, 2013
  9. eva2000

    eva2000 Active Member

    Been using CSF on CentOS for several years without problems including 2+ yrs bundled with Centmin Mod http://centminmod.com/csf_firewall.html. Used on OpenVZ, KVM, VMWare and Virtualbox and Xen without problems all with CentOS OSes though only. Centmin Mod currently has around 1,500 new downloads per month and no one has complained of CSF firewall problems AFAIK  :D

    Just grab centmin mod zip download without installing and extract the zip and take a look at inc/csfinstall.inc and inc/csftweaks.inc for tips  :)
     
  10. WelltodoInformalCattle

    WelltodoInformalCattle New Member

    Been using UFW recently but have been looking at checking out CSF like many in here. Might spin a DO 'droplet' and give it a try.
     
  11. Riccardo_G

    Riccardo_G New Member

    I have never used

    I'll try