Re: How can I enable ufw firewall tool with an existing set of iptables rules?
- Date: Mon, 28 Aug 2017 21:53:56 +0100
- From: Joe <joe@xxxxxxxxxxxxxx>
- Subject: Re: How can I enable ufw firewall tool with an existing set of iptables rules?

On Mon, 28 Aug 2017 20:01:54 +0000
Tom Browder <tom.browder@xxxxxxxxx> wrote:
> Installing and enabling ufw sounds easy, but how is the existing set
> of iptables rules treated? I want to use ufw on a remote server and
> losing ssh would be disastrous!

I confess to no specific knowledge here, but I suspect none of the
firewall front-ends will accommodate an arbitrary iptables ruleset, as
the front-ends impose their own structure which would almost certainly

I tried two or three front-ends some years ago, but they were not suited
to my needs, and I've stayed with a custom iptables script. However,
all of them must allow some safe and relatively sane way to activate a
ruleset while guaranteeing one or more types of access. Many servers are

In this situation, I'd set up a skeleton test server in a local VM, and
confirm that I understood how to do this before trying it for real.
Even then I might set up a brute-force-and-ignorance reversion to the
original state in a cron job timed for ten minutes later if not
cancelled. And I'd still worry... how far do you have to travel if it
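
Added example, not part of the message above or of ufw itself: one way to script the timed reversion the reply describes, using a detached timer in place of a cron entry. The state directory, the function names and the assumption that sshd listens on 22/tcp are illustrative, and only the IPv4 ruleset is snapshotted.

```shell
#!/bin/sh
# Timed rollback around enabling ufw (added example, names are hypothetical).
# Command names are overridable so the logic can be rehearsed in a test VM.
STATE_DIR="${STATE_DIR:-/root/fw-rollback}"   # assumed location
DELAY="${DELAY:-600}"                          # seconds; ten minutes as in the post
IPT_SAVE="${IPT_SAVE:-iptables-save}"
IPT_RESTORE="${IPT_RESTORE:-iptables-restore}"
UFW="${UFW:-ufw}"

# Save the running ruleset so it can be put back exactly.
snapshot_rules() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    rm -f "$STATE_DIR/confirmed" "$STATE_DIR/rolled-back"
    $IPT_SAVE > "$STATE_DIR/rules.v4" && [ -s "$STATE_DIR/rules.v4" ]
}

# Start a detached timer that restores the snapshot unless confirmed first.
arm_rollback() {
    (
        trap '' HUP                       # keep running if the SSH session drops
        sleep "$DELAY"
        [ -e "$STATE_DIR/confirmed" ] && exit 0
        $UFW disable
        $IPT_RESTORE < "$STATE_DIR/rules.v4" && touch "$STATE_DIR/rolled-back"
    ) </dev/null >/dev/null 2>&1 &
    echo "$!" > "$STATE_DIR/timer.pid"
}

# Run from a NEW SSH session once it is clear that logins still work.
confirm_change() {
    touch "$STATE_DIR/confirmed"
    kill "$(cat "$STATE_DIR/timer.pid")" 2>/dev/null
    return 0
}

# Snapshot, arm the timer, then make the risky change.
enable_ufw_with_rollback() {
    snapshot_rules || { echo "snapshot failed; nothing changed" >&2; return 1; }
    arm_rollback
    $UFW allow 22/tcp && $UFW --force enable   # 22/tcp is an assumption
}
```

Source the file as root, call `enable_ufw_with_rollback`, then open a second SSH connection and call `confirm_change` from it; if that second login never succeeds, the saved rules come back after `DELAY` seconds.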