I’m trying to open a port for transmission but before I get to know either of the 2 options I’d like to know what you recommend and why.
OS is xubuntu 24.04
You must log in or register to comment.
if you use docker, docker ignores ufw rules
It’s not that Docker ignores rules, it’s that UFW doesn’t know how to handle rules it didn’t add itself. Docker (and possibly other software!) adds a new routing chain and UFW doesn’t mess with that so it doesn’t break any custom settings you may have.
I think it’s less about Docker ignoring anything and more about UFW not working like firewalls on operating systems like Windows.
It’ll also ignore the default firewalld rules. IIRC it uses the
internalzone instead
Iptables. Because in the end its iptables, so I learned it from the beginning „the right way“ and i am therefore not locked into one or another
Not anymore. It’s nftables these days. iptables to nftables converters exist, but they’re not 100% compatible.
Furthermore, with eBPF programmable firewalls are also efficient again, and there are various tools that leverage eBPF to do network operations at near-kernel speeds, often bypassing *tables rules you may have set up.
I use UFW personally but firewalld professionally. UFW ships with Debian based and firewalld with RHEL.
If suppose I might like UFW’s syntax a bit more.
The documentation is there for everyone to see. You can easily figure out what it takes to accomplish your task with both. Honestly though, why not just try it for yourself and come to your own conclusion. If you’re on Ubuntu, UFW is probably already installed.
Firewalld had, at least last time I checked, way more capabilities than UFW. Both are fine at being basic firewalls, but I don’t think you can build a router using just UFW.
Firewalld allows some pretty advanced rules. I use it to redirect a bunch of web requests going to a certain address over a local ssh tunnel.
Okay?
I was responding to OP who doesn’t seem to know much about firewalls or networking. OP is on Ubuntu which probably has UFW installed by default.
Building out Linux routers using nftables, iptables or Firewalld is a completely different topic.
I found firewalld had so many options that it was a bit overwhelming at first, especially understanding how zones were actually meant to be used, and how each zone had a default handover for the unhandled traffic. But OpenSUSE has a GUI for it so I was able to make sense of it. UFW seemed pretty user friendly and atraight forward.
IMO firewalld because it’s going to be more portable knowledge.
OS is xubuntu 24.04
Ubuntu defaults to ufw. That, by itself, justifies the use of ufw in your case.
How often are you going to be managing ports?
Just use any tool you like, all they do is fiddle with the Kernel’s filter table.
@merompetehla UFW and firewalld provide a higher level of control, which means that they are quicker to learn, easier for simple tasks but harder to use in more granular levels. Their setup is translated into iptables rules at the end. With Iptables or its successor Nftables, you’ll need to invest a bit more time to learn but have a more granular level of control at the end. I hope this helps.
I like firewalld. Its also used on many enterprise distros (RHEL, SLES).
But if you just have to open one port for something, just use what’s installed on your distro.
Network Filter Tables (NFT) is the current system. https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
