
Command-line firewall management still sucks


And now a break from my usual programming-related posts to bring you something back on the sysadmin side of the fence, for a change. I’m in the process of setting up a new VPS for myself, and will probably move my blog over to it once it is all set up. I say VPS, but really it is an OpenVZ container (which I guess passes for a VPS just about as well). The critical difference is that you are running under the host system’s kernel, so there are numerous kernel-related changes you simply cannot make: no loading modules, no touching most tunables. Frankly, I’m glad; I don’t particularly feel like managing the entire system down to kernel tunables.

Sadly this particular VPS comes with no external firewall management, so I’m back in the land of having to ensure at least a small amount of basic protection. I definitely don’t want to write my own ruleset (especially not properly stateful rules), Filtergen is acceptable but really outdated, and the last time I was using Ubuntu on my day to day laptop, I was using UFW (which is simple, but also not very nice). I really don’t want to go for one of these completely integrated systems with a control panel.

So I have settled on UFW for the time being. Sadly, it seems to fail completely in this OpenVZ environment, because several of the modules it tries to load cannot be inserted into a kernel the container does not control, and some of the sysctl settings it applies are read-only inside the container. You can find a reasonable summary of that here. For now, I’ve run through removing all the unnecessary cruft and have a just-working ruleset. It does sadden me that there isn’t anything better, although to be fair, I’ve been completely ignoring any developments here for the last year and a half.
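To make the "just-working ruleset" concrete, here is an added example (my own, not the author's ruleset or anything from the UFW project) of the minimal stateful IPv4 firewall you end up with once the cruft is gone: the core filter table plus the conntrack match, loaded atomically with iptables-restore, and no helper modules or sysctl changes at all. The SSH port, the extra TCP ports and the assumption that the container's kernel does at least provide the conntrack match (without which no stateful ruleset is possible) are mine; the `sysctl_writable` helper is there so you can find out which of the keys UFW sets in /etc/ufw/sysctl.conf are the read-only ones in your container.

```shell
#!/bin/sh
# Added example: minimal stateful IPv4 firewall for a container that shares
# the host kernel. Not the author's ruleset. Assumptions: the kernel provides
# the conntrack match; the SSH port and extra TCP ports are example values.
set -eu

# Print an iptables-restore(8) ruleset to stdout.
#   $1  SSH port to allow (default 22)
#   $2  space-separated extra TCP ports to allow, e.g. "80 443" (default none)
gen_ruleset() {
    ssh_port="${1:-22}"
    extra_tcp="${2:-}"
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT' \
        "-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT"
    for port in $extra_tcp; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Count the rules that accept new inbound TCP connections in a ruleset read
# from stdin: a quick sanity check that nothing unexpected was opened.
count_open_tcp() {
    grep -c -- '-p tcp --dport .* --ctstate NEW -j ACCEPT' || true
}

# Report (via exit status) whether a sysctl key can be written inside this
# container, by re-writing its current value so nothing changes. Needs root.
sysctl_writable() {
    key="$1"
    cur="$(sysctl -n "$key" 2>/dev/null)" || return 1
    sysctl -q -w "$key=$cur" >/dev/null 2>&1
}

# Apply the ruleset. iptables-restore commits the whole table at COMMIT, so
# if the kernel rejects a match (e.g. conntrack unavailable) the previous
# rules stay in place and we report the failure instead. Needs root.
apply_ruleset() {
    if gen_ruleset "$@" | iptables-restore; then
        echo "ruleset applied"
    else
        echo "ruleset rejected by kernel; existing rules left untouched" >&2
        return 1
    fi
}

case "${1:-print}" in
    print) gen_ruleset "${2:-22}" "${3:-}" ;;
    apply) apply_ruleset "${2:-22}" "${3:-}" ;;
    *) echo "usage: $0 [print|apply] [ssh_port] [\"tcp ports\"]" >&2; exit 2 ;;
esac
```

Run it with `print` first and read the output; only `apply` touches the kernel, and because iptables-restore is transactional a rejected ruleset leaves whatever was there before (which matters when "before" is the SSH session you are typing into). IPv6 is deliberately not covered; it needs its own ip6tables ruleset, and the same module caveat applies there.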

IS there anything better? Drop me a comment if you have any good suggestions.


Published at DZone with permission of Oliver Hookins, DZone MVB. See the original article here.
