No firewall? Meet ufw the easiest firewall ever

[drmike]

For long I've been running Debian on VPS instance wide open or with a stack of iptables commands.   Been getting smacked by some bad traffic lately and after debugging all that, thought it was time for something a bit tidier and easier to deal with.  Yes iptables rocks, but it's a long learning curve and prone to massive screwups due to admin error.

So let's install ufw:

Install ufw:
sudo apt-get install ufw

(ufw will NOT start post installation, so as to not lock you out)

Open ports 22 and 80 (add others if needed)
sudo ufw allow 22
sudo ufw allow 80


Start ufw:
sudo ufw enable

Turn on logging (will put entries in /var/log/syslog):
sudo ufw logging on


Get status of ufw:
sudo ufw status verbose

Disable ufw:
sudo ufw disable

Block a malicious IP with ufw:
sudo ufw deny ip

 

[MannDude]

How does this compare to other solutions? I'm sure people will chime in with several different opinions, but I've never used UFW before except as a desktop firewall with it's GUI.

 

[Amitz]

CSF is so easy to install and maintain while it offers so much more than UFW - You should really give it a try!

 

[MannDude]

CSF is so easy to install and maintain while it offers so much more than UFW - You should really give it a try!

Any tips for CSF on a KVM VPS? Seems like even with default settings it just blocks everything. Been playing around with it on a dev box, while I haven't looked into it much, it doesn't perform as I remember it working on OpenVZ VPSes I've used it on.

Or it could just be operator error. :|

 

[Amitz]

Must be... ;-)


I have it running on 8 VMs, some OpenVZ, some XEN, some KVM, even on dedicated aervers - no issues at all.


Are all necessary Kernel modules installed on the KVM?


Run ./csftest.pl in the csf directory.

 

[Alto]

I've hardly ever had UFW work properly on OVZ without applying a few tweaks, whereas it's always run flawlessly for me on KVM/Xen.

 

[drmike]

I am EXTREMELY interested in CSF with emphasis on working with OpenVZ.

Anyone who uses CSF and could take 20 minutes to type up  a current working tutorial would  have my praises.   

 

[Alto]

This seems a fairly thorough walkthrough http://www.liquidweb.com/kb/csf-config-server-firewall-installation/


Going to have a piss about with it tomorrow myself, although right now UFW still looks a bit more straight forward to me.


EDIT: this tutorial https://www.digitalocean.com/community/articles/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu looks much better, I like some of the toys CSF has!

 

[eva2000]

Any tips for CSF on a KVM VPS? Seems like even with default settings it just blocks everything. Been playing around with it on a dev box, while I haven't looked into it much, it doesn't perform as I remember it working on OpenVZ VPSes I've used it on.

Or it could just be operator error. :|

Been using CSF on CentOS for several years without problems including 2+ yrs bundled with Centmin Mod http://centminmod.com/csf_firewall.html. Used on OpenVZ, KVM, VMWare and Virtualbox and Xen without problems all with CentOS OSes though only. Centmin Mod currently has around 1,500 new downloads per month and no one has complained of CSF firewall problems AFAIK 

Just grab centmin mod zip download without installing and extract the zip and take a look at inc/csfinstall.inc and inc/csftweaks.inc for tips 

 

[WelltodoInformalCattle]

Been using UFW recently but have been looking at checking out CSF like many in here. Might spin a DO 'droplet' and give it a try.

 

[Riccardo_G]

I have never used

I'll try