New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
UFW firewall on hostsolutions.ro
I have a VPS deal (OpenVZ 2core 2 gb ram 5.97/3 monts) from @cociu. I actually like the speed and network but:
I bumped into the problem not being able to run UFW. Found this thread by @kisiel.
My image is debian-7.0-x86-minimal.tar.gz.
After some googling I got UFW to work-ish by:
- Reinstalled modprobe
sudo apt-get --reinstall install module-init-tools - Run this script.
- Disable IPv6 (see tutorial)
- Disable logging
sudo ufw logging off - Run
sudo ufw enablex2
And that finally it worked! (Yeey)
I want to use this topic to investigate and ideally create a good tutorial for fixing this issue!
Comments
Sorry, I can't help much, but thanks for bringing it to my attention. Don't work much with Debian 7 and UFW.
Yes. I there is a good working firewall on this VPS I would be perfect for basic things. I just can not trust setting-up a database without a firewall.
If you encounter many problems with UFW firewall, you can try to use iptable
IPTABLES INSTALLATION
source : https://www.geek17.com/fr/content/debian-9-stretch-securiser-votre-serveur-avec-le-firewall-iptables-32
http://lea-linux.org/documentations/Iptables
http://www.fr.linuxfromscratch.org/view/blfs-svn/postlfs/iptables.html
Latest version
wget http://www.netfilter.org/projects/iptables/files/iptables-1.6.2.tar.bz2
CSF is another easy alternative.
I never trust ufw and similar software. Even I use (edit) raw iptables and ipset without their persistence, just put the whole scripts on rclocal because I've experienced it failed to run after upgrading the kernel.
Me neither. Failed me too many times. I don't trust ufw, iptables, scripts, systemd, bash and such. It all really got fucked up when they started to use assembly everywhere, even where good old perfocards were a reliable and proven method. Can't agree with you enough.