ferm VS ConfigServer Firewall

I remember hating shorewall and similar ones because, well, I know iptables, and I know exactly what I want so using anything that tries to abstract it into it's own approach is torture as I need to take the rules I want and translate it to whatever mediocre paradigm shorewall (or ufw, or near-any other firewall manager in the wild) decided to put on top of iptables. I ended up using ferm... - Source: Hacker News / 9 months ago

I'm a big fan of ferm. Many major distros have it readily available as a package, and it makes for beautifully readable firewall definitions. Source: about 1 year ago

The last time I needed to do complex iptables stuff, I found FERM really helpful. The structured config language greatly reduces the amount of boilerplate code you have to type, while still having a pretty direct mapping to the emitted iptables rules. A bit like compiling sass to css. Source: about 2 years ago

Also just about last thing I want is to deploy another configuration management system alongside the system that manages everything else on machine. Currently we just use Puppet to deploy ferm rules (which is best described as "iptables+", naming convention and such are still iptables-like but a lot of macros/syntax sugar around it). Source: almost 3 years ago

In this post we will discuss how to use efficiently IPSET with CSF (ConfigServer Security & Firewall) Firewall. Unfortunately, I will not discuss what CSF is because it's not within the scope, but you can read about it here. - Source: dev.to / about 2 months ago

At the very least, the free ConfigServer CSF is a more robust firewall addon that blocks brute force attempts, mod security failures, and so on. It's relatively easy to install, has a ton of options, and it's easy to whitelist IPs if your users have trouble. The same dev has a virus & malware scanner that's available as a one-time purchase. Source: about 1 year ago

Use CSF (linux only) to cut down some basic attacks https://configserver.com/configserver-security-and-firewall/. Source: over 1 year ago

Seems like a GUI wrapper (other than the graphs) so may not solve the OPs issue of things like Docker complicating the firewall. Source: over 1 year ago

You should not have ANY ports on the home network open to the outside. NONE. If you insist on running a public-facing service at home, use a VPS with an ARGO tunnel. No SQL ports should be open to anywhere, not even on a private net. Use SSH tunnels to access if needed. As long as everything is closed to the outside, a consumer-grade firewall, along with every node on the home network protected by Configserver... Source: over 2 years ago