[arm-allstar] possible firewall confusion --was:UFW start on boot

David McGough kb4fxc at inttek.net
Sat May 12 14:24:15 EST 2018



Hi Everyone,

I'm just catching up on today's thread about firewall setup and want to 
make a few comments.

First, understand that *ALL* standard Linux firewall elements are the same
underneath the covers---all these tools allow the user to adjust the Linux
netfilter rules and other resources provided by the Linux kernel.

For those users who are unfamiliar with Linux kernel-based firewalls,
Linux itself provides a very competent firewall! This is one reason Linux 
is popular as the OS used on many routers and other networking devices.

The Linux iptables program has historically been a primary tool to tickle
the netfilter rules. In most cases, I still recommend using iptables
directly! The reason is simple: you know EXACTLY what you're getting. I
use iptables for virtually all the Linux firewall / traffic filters I
set up.

More recently, tools like UFW ("Uncomplicated Firewall") have come along.  
It should be noted that UFW is NOT "another" firewall for Linux. It's just
another command language to access the very same netfilter rules. More
importantly, UFW is currently just a front-end to iptables, running the
same iptables commands behind the scenes!

I won't go into the usage cases where you need or don't need a firewall on
your HamVoIP node in this message. If you do need a firewall, for most
users it will be a very simple set of rules; nothing "complicated" about
it at all.

I will note that if your node is on a private IP address, sitting behind a 
NAT router, most users don't need to worry about this at all.

If your HamVoIP node lives on a live IP address, again there are only a 
few iptables rules users MAY need to add.



73, David KB4FXC






On Sat, 12 May 2018, "Jim Darrough via arm-allstar" wrote:

> Hello.
>
> Rory and I figured out how to start UFW when the RPi boots.
>
> Add the following two lines to /etc/rc.local BEFORE exit 0:
>
> #!/bin/sh
> /usr/sbin/ufw enable
>
> We also added
>
> /usr/sbin/ufw logging off
>
> This solved our problem. UFW automatically starts after a reboot,
> including a power-down restart.
>
>
> 73 Jim KI7AY
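
Added example, not part of either message above and not HamVoIP code: a way to confirm after a reboot that rules are loaded, and that UFW's rules are ordinary netfilter rules held in ufw-* chains. The function names are hypothetical and the rule dump is a constructed, abbreviated sample of `iptables -S` output.

```shell
#!/bin/sh
# Added example: summarise an `iptables -S` dump to show that rules created
# through UFW are plain netfilter rules living in ufw-* chains.

# Constructed, abbreviated sample of `iptables -S` on a host with UFW enabled
# (a real dump contains many more ufw-* chains).
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-N ufw-user-input
-N ufw-after-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

# Default policy of the INPUT chain (ACCEPT or DROP).
input_policy() { awk '$1 == "-P" && $2 == "INPUT" { print $3 }'; }

# Number of chains created by UFW (declared with -N ufw-...).
ufw_chain_count() { awk '$1 == "-N" && $2 ~ /^ufw-/ { n++ } END { print n + 0 }'; }

# Rules the administrator added through `ufw allow ...`.
ufw_user_rules() { awk '$1 == "-A" && $2 == "ufw-user-input"'; }

# Verdict for a dump read from stdin: ufw-managed, iptables-only or no-rules.
fw_state() {
    dump=$(cat)
    chains=$(printf '%s\n' "$dump" | ufw_chain_count)
    rules=$(printf '%s\n' "$dump" | awk '/^-A / { n++ } END { print n + 0 }')
    if [ "$chains" -gt 0 ]; then echo "ufw-managed"
    elif [ "$rules" -gt 0 ]; then echo "iptables-only"
    else echo "no-rules"; fi
}

# On a live node, run as root instead: iptables -S | fw_state
sample_rules | fw_state
```

A result of `no-rules` after a reboot means nothing was loaded at boot, whichever front-end wrote the rules.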





