
Command-line firewall management still sucks


And now a break from my usual programming-related posts to bring you something back on the sysadmin side of the fence, for a change. I’m in the process of setting up a new VPS for myself, and probably will move my blog over to it when it is all set up. I say VPS, but really it is an OpenVZ container (which I guess passes for VPS just about as well). The critical difference is that you are running under the steam of the host system’s kernel, and there are numerous kernel-related changes you just cannot make. Frankly, I’m glad – I don’t particularly feel like managing the entire system down to kernel tunables.

Sadly this particular VPS comes with no external firewall management, so I’m back in the land of having to ensure at least a small amount of basic protection. I definitely don’t want to write my own ruleset (especially not properly stateful rules), Filtergen is acceptable but really outdated, and the last time I was using Ubuntu on my day-to-day laptop, I was using UFW (which is simple, but also not very nice). I really don’t want to go for one of these completely integrated systems with a control panel.

So I have settled on UFW for the time being. Sadly, it seems to completely fail in this OpenVZ environment due to numerous modules that cannot be inserted into the running kernel, some sysctl settings etc. You can find a reasonable summary of that here. For now, I’ve run through removing all the unnecessary cruft and have a just-working ruleset. It does sadden me that there isn’t anything better, although to be fair, I’ve been completely ignoring any developments here for the last year and a half.
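As an added example (not part of the original post): a small POSIX shell audit that lists the netfilter match and target extensions an iptables-restore style ruleset such as UFW's before.rules relies on, and compares them with a list of extensions the caller has already confirmed the container kernel provides. The ruleset text and the supported list are constructed; how to confirm support on a given box (for instance probing each name with `iptables -m NAME --help`) is an assumption and is not done here.

```shell
#!/bin/sh
# Constructed example, not from the original post: find out which netfilter
# extensions a ruleset needs before trying to load it on a kernel (such as an
# OpenVZ host kernel) where you cannot insert modules yourself.

# Read an iptables-restore style ruleset from stdin and print the unique match
# ("-m X" / "--match X") and target ("-j X") extensions it uses, one per line.
ruleset_extensions() {
    awk '
        NF == 0 || $1 ~ /^(#|:|\*)/ || $1 == "COMMIT" { next }  # skip noise
        {
            for (i = 1; i < NF; i++) {
                if ($i == "-m" || $i == "--match") ext[$(i+1)] = 1
                if ($i == "-j" || $i == "--jump") {
                    t = $(i+1)
                    # built-in verdicts and user chains (ufw-before-input etc.)
                    # need no extension; upper-case targets like LOG, REJECT,
                    # MASQUERADE or NFQUEUE do
                    if (t != "ACCEPT" && t != "DROP" && t != "RETURN" && t ~ /^[A-Z]+$/)
                        ext[t] = 1
                }
            }
        }
        END { for (e in ext) print e }
    ' | LC_ALL=C sort
}

# Ruleset on stdin, file of known-supported extension names (one per line) as
# the only argument. Prints every required extension not in that file.
# Assumption: the caller builds the supported list on the target box.
missing_extensions() {
    supported="$1"
    ruleset_extensions | while read -r e; do
        grep -qx -- "$e" "$supported" || echo "$e"
    done
}
```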

IS there anything better? Drop me a comment if you have any good suggestions.



Published at DZone with permission of Oliver Hookins, DZone MVB.
