Command-line firewall management still sucks

And now a break from my usual programming-related posts to bring you something back on the sysadmin side of the fence, for a change. I’m in the process of setting up a new VPS for myself, and I will probably move my blog over to it once it is all set up. I say VPS, but really it is an OpenVZ container (which I guess passes for a VPS just about as well). The critical difference is that you run under the steam of the host system’s kernel, and there are numerous kernel-related changes you simply cannot make. Frankly, I’m glad – I don’t particularly feel like managing the entire system down to kernel tunables.

Sadly, this particular VPS comes with no external firewall management, so I’m back in the land of having to ensure at least a small amount of basic protection. I definitely don’t want to write my own ruleset (especially not properly stateful rules), Filtergen is acceptable but really outdated, and the last time I was using Ubuntu on my day-to-day laptop I was using UFW (which is simple, but also not very nice). I really don’t want to go for one of those completely integrated systems with a control panel.

So I have settled on UFW for the time being. Sadly, it seems to fail completely in this OpenVZ environment, because numerous modules cannot be inserted into the running kernel, some sysctl settings cannot be applied, and so on. You can find a reasonable summary of that here. For now, I’ve run through removing all the unnecessary cruft and have a just-working ruleset. It does sadden me that there isn’t anything better, although to be fair, I’ve been completely ignoring any developments here for the last year and a half.
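Before trimming the "cruft" by hand, it helps to know exactly which of UFW's default module loads and sysctl tunables the container cannot honour. The script below is an added example, not part of the original post or of the ufw project: it reads the module list and the sysctl keys that ufw keeps in /etc/default/ufw (the IPT_MODULES line) and /etc/ufw/sysctl.conf, and reports which modules this kernel cannot provide and which sysctl keys have no /proc/sys node from inside the container. The OpenVZ detection (/proc/vz present without /proc/bc) is a commonly used heuristic, and the file layout it parses is assumed to match the stock ufw configuration files.

```shell
#!/bin/sh
# ufw_preflight.sh: report the parts of a stock ufw configuration that an
# OpenVZ container (or any unprivileged kernel environment) cannot honour.
# Added example for this post; assumes the stock ufw config file layout.

# Common heuristic: OpenVZ containers expose /proc/vz but not the host-only /proc/bc.
in_openvz_container() {
    [ -d /proc/vz ] && [ ! -d /proc/bc ]
}

# Print the modules ufw will try to modprobe, one per line, from an
# /etc/default/ufw-style file (IPT_MODULES="mod1 mod2 ...").
ufw_modules() {
    sed -n 's/^IPT_MODULES="\([^"]*\)".*/\1/p' "$1" | tr ' ' '\n' | sed '/^$/d'
}

# Print the sysctl keys (left of '=') from an /etc/ufw/sysctl.conf-style file.
# ufw writes keys in slash form (net/ipv4/ip_forward); dotted keys are accepted too.
ufw_sysctl_keys() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_.\/][A-Za-z0-9_.\/]*\)[[:space:]]*=.*/\1/p' "$1"
}

# Map a sysctl key (dotted or slash form) to its /proc/sys path.
sysctl_path() {
    printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr . /)"
}

# Modules from the config that modprobe cannot resolve on this system
# (a dry-run, -n, is enough: inside an OpenVZ container the host kernel's
# module tree is normally not visible, so the lookup itself fails).
missing_modules() {
    for m in $(ufw_modules "$1"); do
        modprobe -n -q "$m" 2>/dev/null || echo "$m"
    done
}

# Sysctl keys from the config whose /proc/sys node does not exist here.
missing_sysctls() {
    for k in $(ufw_sysctl_keys "$1"); do
        [ -e "$(sysctl_path "$k")" ] || echo "$k"
    done
}

# Full report against the live ufw configuration (paths overridable).
preflight() {
    defaults="${1:-/etc/default/ufw}"
    sysctls="${2:-/etc/ufw/sysctl.conf}"
    if in_openvz_container; then
        echo "OpenVZ container detected: kernel modules and some sysctls are host-controlled"
    fi
    echo "Modules ufw cannot load here (comment them out of IPT_MODULES in $defaults):"
    missing_modules "$defaults"
    echo "Sysctl keys with no /proc/sys node (comment them out of $sysctls):"
    missing_sysctls "$sysctls"
}

# Run the live report only when invoked as: sh ufw_preflight.sh --run [defaults] [sysctl.conf]
case "${1:-}" in
    --run) shift; preflight "$@" ;;
esac
```

Run it with `sh ufw_preflight.sh --run` on the container before `ufw enable`; every module or key it lists is a candidate for commenting out, which gives you the "just-working" ruleset without guessing which startup error came from which line.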

Is there anything better? Drop me a comment if you have any good suggestions.

Published at DZone with permission of
