amuck-landowner

No firewall? Meet ufw the easiest firewall ever

drmike

100% Tier-1 Gogent
For long I've been running Debian on VPS instance wide open or with a stack of iptables commands.   Been getting smacked by some bad traffic lately and after debugging all that, thought it was time for something a bit tidier and easier to deal with.  Yes iptables rocks, but it's a long learning curve and prone to massive screwups due to admin error.

So let's install ufw:

Code:
Install ufw:
sudo apt-get install ufw

(ufw will NOT start post installation, so as to not lock you out)

Open ports 22 and 80 (add others if needed)
sudo ufw allow 22
sudo ufw allow 80


Start ufw:
sudo ufw enable

Turn on logging (will put entries in /var/log/syslog):
sudo ufw logging on


Get status of ufw:
sudo ufw status verbose

Disable ufw:
sudo ufw disable

Block a malicious IP with ufw:
sudo ufw deny ip
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
How does this compare to other solutions? I'm sure people will chime in with several different opinions, but I've never used UFW before except as a desktop firewall with it's GUI.
 

Amitz

New Member
CSF is so easy to install and maintain while it offers so much more than UFW - You should really give it a try! :)
 

MannDude

Just a dude
vpsBoard Founder
Moderator
CSF is so easy to install and maintain while it offers so much more than UFW - You should really give it a try! :)
Any tips for CSF on a KVM VPS? Seems like even with default settings it just blocks everything. Been playing around with it on a dev box, while I haven't looked into it much, it doesn't perform as I remember it working on OpenVZ VPSes I've used it on.

Or it could just be operator error. :|
 

Amitz

New Member
Must be... ;-)


I have it running on 8 VMs, some OpenVZ, some XEN, some KVM, even on dedicated aervers - no issues at all.


Are all necessary Kernel modules installed on the KVM?


Run ./csftest.pl in the csf directory.
 
Last edited by a moderator:

Alto

New Member
I've hardly ever had UFW work properly on OVZ without applying a few tweaks, whereas it's always run flawlessly for me on KVM/Xen.
 

drmike

100% Tier-1 Gogent
I am EXTREMELY interested in CSF with emphasis on working with OpenVZ.

Anyone who uses CSF and could take 20 minutes to type up  a current working tutorial would  have my praises.   
 

eva2000

Active Member
Any tips for CSF on a KVM VPS? Seems like even with default settings it just blocks everything. Been playing around with it on a dev box, while I haven't looked into it much, it doesn't perform as I remember it working on OpenVZ VPSes I've used it on.

Or it could just be operator error. :|
Been using CSF on CentOS for several years without problems including 2+ yrs bundled with Centmin Mod http://centminmod.com/csf_firewall.html. Used on OpenVZ, KVM, VMWare and Virtualbox and Xen without problems all with CentOS OSes though only. Centmin Mod currently has around 1,500 new downloads per month and no one has complained of CSF firewall problems AFAIK  :D

Just grab centmin mod zip download without installing and extract the zip and take a look at inc/csfinstall.inc and inc/csftweaks.inc for tips  :)
 
Top
amuck-landowner