iptables wrappers?
I quite like bare iptables. It's easy and straightforward. Simple things like port forwarding, blocking and NAT are quite easy to do. My choice will always be bare iptables, or the coming nftables.
However, some people prefer wrappers around iptables. I often use csf for servers other people have to use, most of the time combined with DirectAdmin or just the csf web UI. I also quite like lfd, which does almost the same as fail2ban or denyhosts.
I've written a snippet with my most used commands and config settings: https://raymii.org/s/articles/Configserver_Firewall_and_Security_CSF_LFD.html
There is also shorewall. I've never used it.
Then ufw. Default on Ubuntu. Red Hat now ships firewalld. Systemd might even soon start integrating a firewall, who knows.
What do you use as a firewall and, more importantly, why?
Comments
Bare iptables, it does what I need and I'm too lazy to learn anything else.
I only ever use bare iptables now, I rarely use a control panel and each VPS/server I have needs limited contact with the outside world. So I find it easier just to start with access to SSH and drop everything else until I need something else and open it up.
I used CSF once before but found it just got in my way.
I would recommend ferm. It is not a "usual" iptables wrapper, but a C-like language for writing iptables, ip6tables, ebtables and arptables rules with variables, arrays and functions. It's very, very convenient when you need to make a lot of similar rules which differ only by interface, for example.
It looks like this:
And vpn.vars:
It doesn't restrict you in any way, as other wrappers do, but quite the contrary. It's amazing!
Bare iptables for me too.