slickstack icon indicating copy to clipboard operation
slickstack copied to clipboard
verified publisher icon littlebizzy

Consider replacing UFW firewall with basic iptables rules

Open jessuppi opened this issue 2 years ago • 2 comments

A user on our Discord server suggested replacing UFW firewall with basic iptables could improve the simplicity and reliability of the configuration process.

I'm not sure if this would be a good idea or not, but it's certainly something we should consider.

Configuring UFW has been a challenge in SlickStack for a long time...

jessuppi avatar Jan 15 '23 08:01 jessuppi

How about csf. ufw doesn't support block a country's ip via country code.

skygunner avatar Mar 17 '23 11:03 skygunner

@skygunner Thanks for the feedback, I don't thinks CSF is in the Ubuntu apt packages. And for stability reasons, SlickStack has always used the default/LTS packages available.

Plus, personally I'm just not a fan of bundling massive lists of constantly changing IP ranges. I think that's one of the features that really belongs on a WAF like Cloudflare, it's something that large companies can maintain much better than a small team... actually I don't even think CSF has any public GitHub repo either.

jessuppi avatar Feb 14 '24 12:02 jessuppi