On Wed, 17 Jul 2019, Chris Lamb wrote: > Jamie Strandboge wrote: > > > Again, I'm biased, but ufw supports IPv6. It's also been on the default > > server > > and desktop install of Ubuntu for 9+ years. ufw functions well for bastion > > hosts, less so for routers (though it has some facility there). > > It also has a first-class Ansible module which (given a flood of > firewall options around when I needed to pick something in haste > around the time of the stretch releaseā¦) was actually the deciding > factor for me: > > https://docs.ansible.com/ansible/latest/modules/ufw_module.html
Oh, nice! I should probably collect the various projects that integrate with ufw and list them somewhere... (I've added that to my todo). Related, I have some improvements for fail2ban I've been meaning to upstream as well that make it work a lot better, esp wrt IPv6. On that note and to anyone participating in this thread or just coming across it some time in the future, if there are things that would make ufw better in Debian (particularly wrt bastion use cases), I'm happy to make improvements regardless of if it is a candidate as the default or not (please file bugs :). -- Email: ja...@strandboge.com IRC: jdstrand
