On Mon, 28 Aug 2017 20:01:54 +0000 Tom Browder <tom.brow...@gmail.com> wrote:
> Installing and enabling ufw sounds easy, but how is the existing set
> of iptables rules treated? I want to use ufw on a remote server and
> losing ssh would be disastrous!
>

I confess to no specific knowledge here, but I suspect none of the firewall front-ends will accommodate an arbitrary iptables ruleset, as the front-ends impose their own structure which would almost certainly conflict. I tried two or three front-ends some years ago, but they were not suited to my needs, and I've stayed with a custom iptables script.

However, all of them must allow some safe and relatively sane way to activate a ruleset while guaranteeing one or more types of access. Many servers are administered remotely.

In this situation, I'd set up a skeleton test server in a local VM, and confirm that I understood how to do this before trying it for real. Even then I might set up a brute-force-and-ignorance reversion to the original state in a cron job timed for ten minutes later if not cancelled.

And I'd still worry... how far do you have to travel if it goes wrong?

--
Joe
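
The timed reversion described in the message above, sketched as an added example that is not part of the original post. It uses a detached `sleep` timer instead of a cron entry; `STATE_DIR`, `DELAY` and the function names are assumptions, and only the IPv4 ruleset is snapshotted.

```shell
#!/bin/sh
# Added example: timed rollback ("dead man's switch") for remote firewall changes.
# STATE_DIR, DELAY and the function names are assumptions made for this sketch.
STATE_DIR="${STATE_DIR:-/var/tmp/fw-rollback}"
DELAY="${DELAY:-600}"                         # ten minutes, as in the message
SAVE_CMD="${SAVE_CMD:-iptables-save}"         # overridable for rehearsal in a VM
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"

# Snapshot the running ruleset, then start a detached timer that restores it
# unless disarm_rollback is called first.
arm_rollback() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    if [ -e "$STATE_DIR/armed" ]; then
        echo "rollback already pending; disarm it first" >&2
        return 1
    fi
    $SAVE_CMD > "$STATE_DIR/rules.v4" || return 1
    if [ ! -s "$STATE_DIR/rules.v4" ]; then
        echo "empty snapshot; refusing to arm" >&2
        return 1
    fi
    token="$$-$(date +%s)"
    echo "$token" > "$STATE_DIR/armed"
    # nohup keeps the timer alive if the SSH session drops.
    nohup sh -c '
        sleep "$1"
        # Fire only if this exact arming is still in force.
        [ "$(cat "$2/armed" 2>/dev/null)" = "$4" ] || exit 0
        $3 < "$2/rules.v4" && rm -f "$2/armed"
    ' rollback "$DELAY" "$STATE_DIR" "$RESTORE_CMD" "$token" >/dev/null 2>&1 &
}

# Call this from a NEW SSH session once it has logged in successfully.
disarm_rollback() {
    rm -f "$STATE_DIR/armed"
}

# Typical use as root:
#   arm_rollback && ufw allow ssh && ufw enable
#   ...open a second SSH connection, confirm login works, then...
#   disarm_rollback
```

The restore reverts only the running ruleset; it does not change whether ufw is set to start at boot, so that still needs checking after a rollback fires.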