UFW firewall or not?!?

**UncleSam** · Feb 12th 2016

Hi there,

I moved to another server and wanted to stay as secure as possible. So I tried to create all iptable rules first and found an easier solution called "ufw".
So I decided to remove the default iptables and use ufw instead. Is there anyone who has more knowledge about iptables and ufw who could tell me if it is a "good way" or not?

Versions:

Display Spoiler

Here is my current script which creates my ufw iptable rules:

Shell-Script: ufw.sh

# switch iptables to accept all and reset all rules
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -F
ip6tables -X
# reset ufw rules
ufw reset
ufw disable
# first enable logging for psad
ufw logging off
#iptables -A INPUT -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
#iptables -A FORWARD -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
#ip6tables -A INPUT -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
#ip6tables -A FORWARD -j LOG --log-tcp-options --log-prefix "[IPTABLES] "
# SSH
ufw allow ssh/tcp
#ufw limit ssh/tcp # Disable this if you transfer files e.g. using rsync
# Services
ufw allow submission/tcp
ufw allow urd/tcp
ufw allow smtp/tcp
ufw allow ftp/tcp
ufw allow ftp-data/tcp
ufw allow ftps/tcp
ufw allow ftps-data/tcp
ufw allow imaps/tcp
#ufw allow pop3s/tcp # pop3 is no longer supported for me due to non ssl connection
#ufw allow imap2/tcp # imap without ssl is no longer supported for me due to non ssl connection
#ufw allow 4190/tcp # managedsieve port e.g. to use it with thunderbird plugin
ufw allow http/tcp
ufw allow https/tcp
#ufw limit ftps/tcp
#ufw limit ftp/tcp
# I-MSCP
ufw allow 4443/tcp
#ufw allow http-alt/tcp # port 8080 is no longer supported for me
# Webmin
#ufw allow 10000/tcp
# Teamspeak
#ufw allow 9987/udp
#ufw allow 30033/tcp
#ufw allow 10011/tcp
#ufw allow 41144/tcp
# Whitelist addresses
#ufw allow from 1.2.3.4/32 # whitelist ipv4 address
#ufw allow from 1234:1234:1234:1234:FFFF:FFFF:FFFF:FFFF/128 # whitelist ipv6 address
# securely enable firewall
ufw enable
echo 'UFW enabled'
echo 'if you can read this press ctrl+c - if not firewall gets disabled in 60 seconds'
echo 'if you can read this press ctrl+c - if not firewall gets disabled in 60 seconds'
echo 'if you can read this press ctrl+c - if not firewall gets disabled in 60 seconds'
sleep 60
# Disable again
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F
iptables -X
ip6tables -P INPUT ACCEPT
ip6tables -P OUTPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -F
ip6tables -X
# disable ufw
ufw disable

Display More

**bluecafe** · Jul 17th 2016

Did you use ufw and is it recommendable?

**UncleSam** · Jul 17th 2016

I use it now for about half a year and it works great for me. It has some good and some not so good parts:

Good:

Easy to configure (see above) - it configures all you need automatically (e.g. allow router connection, ...)

Not so good:

It is not offering the complete iptables functionality - that is the part which is making it easy for normal stuff and hard if you need more than ufw is able to do.

You can search the internet - there are tons of articles which discuss if ufw or iptables is better or not.

**bluecafe** · Jul 17th 2016

Thanks, I think I will give it a try.

UFW firewall or not?!?

Share

Similar Threads

Emails können empfangen werden aber gehen nicht raus

IMSCP Firewall

Firewall und Config-Prozessierung

Filezilla Could not list directory

Daily visitors