hostsolutions.ro cannot run UFW

kisiel

Hi Guys,

I realized that the vps on hostsolutions.ro won't let me install UFW. Something missing in the kernel. What are my options to secure it?

Thanks for help
Marcin

Nekki

@kisiel said:
Hi Guys,

I realized that the vps on hostsolutions.ro won't let me install UFW. Something missing in the kernel. What are my options to secure it?

Thanks for help
Marcin

What’s missing from the kernel?

pullangcubo

I'm guessing it's for their OpenVZ plans? If I'm not mistaken, the connection tracking module (conntrack) is not in the kernel by default, but you can open a ticket and request for it to be enabled.

Levi

CSF, Shorewall.

jvnadr

kisiel said: I realized that the vps on hostsolutions.ro won't let me install UFW. Something missing in the kernel. What are my options to secure it?

CSF is a much better solution. You can even try their web interface (of course free) to config it.

kisiel

Thank you all
looks like @pullangcubo mentioned it is OpenVZ plan with a missing module.
I raised a ticket asking what with UFW but haven't got any response since a week or so. I will add the info there and keep fingers crossed.

Nekki

jvnadr said: CSF is a much better solution.

I do like CSF for when I'm in a hurry, although I've never used the web interface.

jvnadr

Nekki said: I've never used the web interface

It's nothing special, just the ol'good config in a html page with option to change values on the fly, with easier search and view. Something like gui installation of linux vs plain terminal...

jsg

How would a provider keep evil users away from f*cking other users or even the nodes stuff on OpenVZ? (Without some extra protection layer)

sibaper

kisiel said: secure

which OS, if you dont mind

JerryHou

kisiel said: haven't got any response since a week or so.

Just keep waiting and don't bump your ticket. The waiting queue can be quite long.

doumazdou

What service needs to install UFW

kisiel

@sibaper said: which OS, if you dont mind

Ubuntu. I believe 14.04 or 12.04 is all I can have

kisiel

@doumazdou said: What service needs to install UFW

I don't think any service actually needs UFW. I am fairly new to Linux and read somewhere that UFW is a good idea.

kisiel

@JerryHou said: Just keep waiting and don't bump your ticket. The waiting queue can be quite long.

paid off, all sorted now. Thank you

kisiel

@jsg said:
How would a provider keep evil users away from f*cking other users or even the nodes stuff on OpenVZ? (Without some extra protection layer)

I am not sure what is the message. Do you agree with installing UFW or disagree? and why?
I am happy to learn.

jsg

I'm asking something. I'm asking how a provider can give you access to the firewall -and - make sure that you don't make rules with someone elses IP on the same OpenVZ node.

kisiel

@jsg said:
I'm asking something. I'm asking how a provider can give you access to the firewall -and - make sure that you don't make rules with someone else's IP on the same OpenVZ node.

wow. that's an interesting thought. If that's really possible then missing conntrack should be a good thing. But now I have it loaded so can block anyone on the same node?

jsg

@kisiel said:
wow. that's an interesting thought. If that's really possible then missing conntrack should be a good thing. But now I have it loaded so can block anyone on the same node?

Pardon me my interest and hence my knowledge in OpenVZ is quite limited. I'd assume though that following my hint will lead you to an answer.