Iptables configuration

olluz

Active Member
May 9, 2020
Hi there,

Is there anybody out there who's willing to share his/her Iptables configuration? I've used ufw successfully until now, but ufw tends to get quite slow over time and I've decided to get rid of it.

I'm quite the newbie in iptables though and was hoping someone is willing to share their config?

I'm not looking for anything fancy, just:
Block any incoming traffic except p:22 and p:8006 from a designated IP
Allow p:25 from anywhere and all outgoing traffic

Any recommendations or even example configurations are highly appreciated.
Thanks in advance!
 
Hi Udo,
thanks for the reply.
I'm using the Mail Gateway and afaik this option is not available.
 
> I'm using the Mail Gateway and afaik this option is not available.
Ooops. My fault, sorry.

Are you sure the ufw generated rules would really slow down your system? You could just test it...
 
thanks again and no worries.
Yes, I've tested it and it really does slow it down. After a few hundred entries it takes ages to add a new entry.
I'm planning to use Iptables for country blocking and I'm afraid this will just not be feasible with ufw. Which is a pity, because ufw is pretty straightforward and easy to use compared to Iptables.
 
> thanks again and no worries.
> Yes, I've tested it and it really does slow it down. After a few hundred entries it takes ages to add a new entry.
> I'm planning to use Iptables for country blocking and I'm afraid this will just not be feasible with ufw. Which is a pity, because ufw is pretty straightforward and easy to use compared to Iptables.
If you want to geo block with iptables you should see better performance with ipsets. I am not sure ufw does that for you. IIRC I used that approach with geoblocking on a consumer grade router years ago and it handled it ok.
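
The policy from the first post combined with the ipset approach suggested above, as an added example that is not part of the thread: the script only generates the `ipset restore` and `iptables-restore` input so it can be inspected before anything is applied. `ADMIN_IP`, the set name `geoblock` and the sample CIDRs are assumptions (constructed placeholders).

```shell
#!/bin/sh
# Added example, not from the thread. ADMIN_IP, the set name and the sample
# CIDRs are constructed placeholders (RFC 5737 documentation ranges).
ADMIN_IP="${ADMIN_IP:-192.0.2.10}"
SET_NAME="geoblock"

# Constructed sample of a country list: one CIDR per line, '#' comments allowed.
sample_cidrs() {
    printf '%s\n' '# constructed sample' '198.51.100.0/24' '203.0.113.0/24  # note'
}

# stdin: CIDR list. stdout: input for "ipset restore".
# Lines that are not a plain IPv4 address or CIDR are dropped, so a corrupted or
# tampered download cannot smuggle other ipset commands into the restore stream.
gen_ipset() {
    echo "create $SET_NAME hash:net family inet"
    echo "flush $SET_NAME"
    sed -e 's/#.*//' -e 's/[[:space:]]//g' |
        grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$' |
        sort -u | sed "s/^/add $SET_NAME /"
}

# stdout: input for "iptables-restore" implementing the policy from the first post.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Admin access is matched before the set, so a bad list cannot lock the admin out.
-A INPUT -s $ADMIN_IP -p tcp --dport 22 -j ACCEPT
-A INPUT -s $ADMIN_IP -p tcp --dport 8006 -j ACCEPT
# One hash lookup covers the whole country list, however many entries it holds.
-A INPUT -m set --match-set $SET_NAME src -j DROP
-A INPUT -p tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

# Print both files for inspection; nothing is applied to the running firewall.
if [ "${1:-}" = "--print" ]; then
    sample_cidrs | gen_ipset
    gen_rules
fi
```

To apply as root, pipe `gen_ipset` into `ipset -exist restore` first (the set must exist before a rule references it), then `gen_rules` into `iptables-restore`, which replaces the current filter table. IPv6 is not covered and needs its own set and ip6tables rules.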