

I also found UFW too uncomplicated - I have needed to do some unusual things in the past (i.e.

With ferm, I have a ferm.d directory of config files, generally one per ansible role which needs something firewalling, and then reload ferm to apply all the config in one go. This takes a noticeable amount of time, and when you have many servers it can take a long time. iptables doesn't support modifying the existing list of rules, only replacing them, so each UFW rule you add requires it to read the list of iptables rules from the kernel, make its changes, and write them all back.

My use case is with config management and I'm setting somewhere between 10 and 50 firewall rules per server, and I found UFW annoyingly slow in that scenario.
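The "many fragments, one reload" approach described above, as an added example that is not the poster's or ferm's own code: a POSIX shell script that concatenates per-role rule fragments from a directory (placeholder `rules.d`, one `*.rules` file per role) into a single iptables-restore script, validates it, and then hands the whole table to the kernel in one replacement instead of one iptables call per rule.

```shell
#!/bin/sh
# Added example, not from the original post or from ferm.
# Builds one iptables-restore script from a directory of per-role fragments
# and applies it with a single iptables-restore call, so the kernel's filter
# table is replaced once rather than once per rule.
# Assumptions: RULES_DIR (placeholder, default ./rules.d) holds *.rules files
# containing only filter-table rule lines such as "-A INPUT ... -j ACCEPT";
# files are consumed in name order, so number them (10-ssh.rules, 20-web.rules).
set -eu

RULES_DIR="${RULES_DIR:-./rules.d}"

# Emit a complete iptables-restore script: table header, default-deny
# policies, a baseline (loopback + established traffic), then every fragment.
build_ruleset() {
    dir="$1"
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for f in "$dir"/*.rules; do
        [ -f "$f" ] || continue
        # Drop comment and blank lines; a fragment with no rules is fine.
        grep -Ev '^[[:space:]]*(#|$)' "$f" || true
    done
    echo 'COMMIT'
}

# Dry-run the assembled ruleset first (--test parses and validates without
# touching the kernel), then apply it atomically in one call.
apply_ruleset() {
    tmp=$(mktemp)
    build_ruleset "$1" > "$tmp"
    iptables-restore --test < "$tmp"
    iptables-restore < "$tmp"
    rm -f "$tmp"
}

# Usage: RULES_DIR=/etc/rules.d sh apply-rules.sh  (then call apply_ruleset "$RULES_DIR")
```

Because the kernel sees one replacement, a syntax error in any fragment aborts the whole load at the `--test` step and the running ruleset stays untouched.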
