Re: How can I enable ufw firewall tool with an existing set of iptables rules?

On Mon, 28 Aug 2017 20:01:54 +0000
Tom Browder <tom.browder@xxxxxxxxx> wrote:

> Installing and enabling ufw sounds easy, but how is the existing set
> of iptables rules treated?  I want to use ufw on a remote server and
> losing ssh would be disastrous!
> 

I confess to no specific knowledge here, but I suspect none of the
firewall front-ends will accommodate an arbitrary iptables ruleset, as
the front-ends impose their own structure which would almost certainly
conflict.

I tried two or three front-ends some years ago, but they were not suited
to my needs, and I've stayed with a custom iptables script. However,
all of them must allow some safe and relatively sane way to activate a
ruleset while guaranteeing one or more types of access. Many servers are
administered remotely.

In this situation, I'd set up a skeleton test server in a local VM, and
confirm that I understood how to do this before trying it for real.
Even then I might set up a brute-force-and-ignorance reversion to the
original state in a cron job timed for ten minutes later if not
cancelled. And I'd still worry... how far do you have to travel if it
goes wrong?

-- 
Joe
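
The timed reversion described in the reply above, sketched as an added example (not part of the original message and not written by either poster). It uses a background timer instead of a cron job; the file paths, the 600-second delay and the variable names are assumptions.

```shell
#!/bin/sh
# Added example: timed automatic rollback around "ufw enable" (run as root).
# Paths, delay and variable names are illustrative assumptions.
UFW=${UFW:-ufw}
IPT_SAVE=${IPT_SAVE:-iptables-save}
IPT_RESTORE=${IPT_RESTORE:-iptables-restore}
BACKUP=${BACKUP:-/root/iptables.pre-ufw.rules}
PIDFILE=${PIDFILE:-/run/fw-rollback.pid}
DELAY=${DELAY:-600}              # seconds until automatic reversion

rollback() {                     # back to the ruleset saved by arm()
    $UFW disable                 # unload ufw's rules, stop it loading at boot
    $IPT_RESTORE < "$BACKUP"     # reload the original ruleset
}

arm() {                          # save current rules, start the timer
    $IPT_SAVE > "$BACKUP" || return 1
    # Ignore SIGHUP so a dropped ssh session cannot kill the timer.
    ( trap '' HUP; sleep "$DELAY"; rollback; rm -f "$PIDFILE" ) >/dev/null 2>&1 &
    echo $! > "$PIDFILE"
}

disarm() {                       # cancel the pending rollback
    [ -f "$PIDFILE" ] || return 1
    kill "$(cat "$PIDFILE")" 2>/dev/null || true
    rm -f "$PIDFILE"
}

switch_to_ufw() {
    $UFW allow ssh || return 1   # add the ssh rule before enabling
    $UFW --force enable          # --force skips the confirmation prompt
}

# Usage: "<script> arm", log in over a NEW ssh session to prove access
# still works, then "<script> confirm". With no confirm, the timer reverts.
case "${1:-}" in
    arm)     arm && switch_to_ufw ;;
    confirm) disarm ;;
esac
```

iptables-save covers IPv4 only; an IPv6 ruleset would need the same handling with ip6tables-save and ip6tables-restore.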