On my LAMP servers, do either of the firewall interfaces (ufw or apt) allow you to set up rate limiting to automatically ban brute force attempts (e.g. via SSH)? Or, is it best to install fail2ban in conjunction with strict firewall rules?
From the ufw man page section on the limit command:
RULE SYNTAX
[...]
ufw supports connection rate limiting, which is useful for protecting
against brute-force login attacks. ufw will deny connections if an IP
address has attempted to initiate 6 or more connections in the last 30
seconds. See http://www.debian-administration.org/articles/187 for
details. Typical usage is:
ufw limit ssh/tcp
I ALWAYS recommend spending the time to learn how the firewall rules work.
UFW may meet your needs today but it's limited, and it may not do what you need tomorrow and you need it RIGHT NOW.
Spend some quality time with some webpages talking about IPTables (properly called NetFilter). It's time well spent if your setup will be growing in complexity or scope in the future.
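To make the threshold quoted from the man page concrete, here is an added example (not from the original answer or from ufw itself) that replays the same "6 or more new connections in the last 30 seconds" sliding window over a constructed list of connection events; it is a simulation of the decision logic only, not the netfilter rules ufw installs.

```shell
#!/usr/bin/env bash
# Constructed sample of new-connection events, one per line: "<epoch_seconds> <source_ip>".
# Not real traffic; built to exercise the 6-in-30-seconds threshold.
SAMPLE_EVENTS='
100 203.0.113.10
104 203.0.113.10
108 203.0.113.10
112 203.0.113.10
116 203.0.113.10
120 203.0.113.10
100 198.51.100.7
110 198.51.100.7
120 198.51.100.7
160 198.51.100.7
170 198.51.100.7
180 198.51.100.7
'

# Sliding-window rate limit: print each IP that makes HITS or more new
# connections within any WINDOW-second span, and the time the threshold was
# crossed. This mirrors the rule "ufw limit" enforces (6 hits in 30 seconds).
rate_limit_offenders() {
    local window="$1" hits="$2"
    awk -v W="$window" -v H="$hits" '
        NF == 2 {
            t = $1; ip = $2
            n[ip]++
            ts[ip, n[ip]] = t
            # Slide the window: forget events older than W seconds.
            while (start[ip] < n[ip] && ts[ip, start[ip] + 1] < t - W) start[ip]++
            if (n[ip] - start[ip] >= H && !(ip in flagged)) {
                flagged[ip] = 1
                printf "%s would be denied at t=%s\n", ip, t
            }
        }'
}

# 203.0.113.10 fires (6 hits within 20 s); 198.51.100.7 never has 6 in any 30 s span.
printf "%s\n" "$SAMPLE_EVENTS" | rate_limit_offenders 30 6
```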
ufw is not more than an interface to manage netfilter rules. From man ufw, you can read:
ufw - program for managing a netfilter firewall
Several netfilter modules can be used to implement different security measures. Have a look at this page. You can see the limit and iplimit modules. You can also find the recent module.
Fail2ban is nice as it allows you to block some IPs by modifying your firewall rules. It can scan log files to detect break-in attempts. Also, it can be configured to do an arbitrary action such as alerting you and/or executing some script, etc.