What is the best firewall for a web server? UFW? APF? Something Else?



THPubs
August 24th, 2012, 09:47 AM
I'm trying to configure a web server and just want to know what firewall I should install on it. APF? UFW? Or something else?

Lars Noodén
August 24th, 2012, 10:00 AM
UFW (https://help.ubuntu.com/community/UFW) and the others are just front-ends for iptables. So you could use either. I gather that UFW is the officially supported front-end so you could go with that unless you want or need extras like rate limiting.

THPubs
August 25th, 2012, 02:51 AM
UFW (https://help.ubuntu.com/community/UFW) and the others are just front-ends for iptables. So you could use either. I gather that UFW is the officially supported front-end so you could go with that unless you want or need extras like rate limiting.

We can use programs like fail2ban for rate limiting, right?

2F4U
August 25th, 2012, 06:53 AM
We can use programs like fail2ban for rate limiting, right?

You are right:

https://help.ubuntu.com/community/Fail2ban

Lars Noodén
August 25th, 2012, 09:05 AM
Rate limiting is also built into iptables. So if you work directly with iptables, you don't need extras. It's a little harder to find good documentation on iptables, though, but it is the simplest way to go.



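...
# Accept ICMP echo requests arriving on eth0, at most 1 per second
iptables -A INPUT -p icmp --icmp-type echo-request \
    -m limit --limit 1/s -i eth0 -j ACCEPT
...
# Accept new SSH connections: a burst of 5, then 4 per minute
iptables -A INPUT -p TCP --dport 22 -m state --state NEW \
    -m limit --limit 4/minute --limit-burst 5 -j ACCEPT
...
# Hand all remaining TCP packets back to the INPUT chain policy
iptables -A INPUT -p TCP -j RETURN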
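
Added example (not part of the post above, and not code from iptables itself): a simplified token-bucket model of the `-m limit --limit 4/minute --limit-burst 5` match used on port 22, showing which new connections hit the ACCEPT rule and that the excess is only blocked if a later rule or the chain policy drops it. The function names and the arrival times in SAMPLE are constructed for illustration.

```python
"""Simplified model of the iptables `limit` match (a token bucket)."""


def limit_match(arrivals, per_minute, burst):
    """Return one bool per arrival time (in seconds): True if the match hits."""
    interval = 60.0 / per_minute      # seconds needed to earn one credit
    credit = float(burst)             # the bucket starts full
    last = None
    hits = []
    for t in arrivals:
        if last is not None:
            # Credit refills with elapsed time, capped at the burst size.
            credit = min(float(burst), credit + (t - last) / interval)
        last = t
        if credit >= 1.0:
            credit -= 1.0             # a matching packet spends one credit
            hits.append(True)
        else:
            hits.append(False)        # over the limit: the rule does not match
    return hits


def verdicts(arrivals, per_minute=4, burst=5, fallthrough="DROP"):
    """Verdict per new connection for a limit rule with target ACCEPT.

    `fallthrough` stands for whatever later rules or the chain policy
    decide for packets the limit rule did not match.
    """
    return ["ACCEPT" if hit else fallthrough
            for hit in limit_match(arrivals, per_minute, burst)]


# Constructed sample: eight attempts one second apart, then a few stragglers.
SAMPLE = [0, 1, 2, 3, 4, 5, 6, 7, 22, 23, 120]

if __name__ == "__main__":
    for policy in ("DROP", "ACCEPT"):
        print("policy", policy)
        for t, v in zip(SAMPLE, verdicts(SAMPLE, fallthrough=policy)):
            print(f"  t={t:>3}s  {v}")
```

With a policy of ACCEPT every attempt still gets through, so the limit rule only throttles when the INPUT policy or a following rule drops what it does not match.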

samiux
August 25th, 2012, 04:58 PM
I'm trying to configure a web server and just want to know what firewall I should install on it. APF? UFW? Or something else?

I would like to recommend an application firewall for a web server. However, those are add-ons to the web server.

If you want a lightweight, fast and secure web server, I would recommend Hiawatha (http://www.hiawatha-webserver.org/).

Why do I suggest Hiawatha? It is because of its features (http://www.hiawatha-webserver.org/features).

If you want to install Hiawatha on Ubuntu Server, you can refer to this HOWTO (http://secure-ubuntu-server.blogspot.hk/2012/06/howto-highest-secured-hiawatha-web.html).

Samiux