Why, If your VPS host has a configurable firewall you should uninstall the ubuntu UFW and iptables and use the external firewall provided by your VPS. Your server will have greater security than UFW and iptables can provide you with. Your server will be safer and more secure using your VPS hosts included external configurable firewall. Thumbs down for UFW (Universal firewall) it is rubbish, fools gold, false sense of security!
First configure your VPS firewall with your deny and allow rules than:
apt remove ufw
apt remove iptables
Done, your server will have greater security and if a hacker breaches you they will look to disable or modify ufw firewall rules and ufw and iptables will not exist on your server because, your firewall is external and you will also put less server drain on your server by not having those firewalls. No ufw and no iptables means a hacker has lost the edge!
When I was using UFW with iptables I block IP with UFW and iftop shows they are still coming which is expected from iftop but, the problem I get is UFW (universal firewall) does not record in the logs that they were blocked and iftop does show they keep on coming! Even with a setting of “ufw logging high” which I understand logs everything. iftop shows they are still coming, but, shouldn’t UFW record in the logs BLOCKED? I think so and come to the conclusion UFW is like a toy camera…. The UFW logs should give you a sense of security when it shows it is blocking what you instructed to block. But, UFW does not, begs the question, did UFW BLOCk what you instructed? I think not! The idea behind setting ufw logging to high is so you can monitor and see if ufw is doing the job you expect. If so great, switch ufw logging low again…
With my email server, dovecot, postfix etc. I set for high debug mode to monitor what is happening, it shows you what passwords are given etc. This is what you expect in high log mode, This way you can resolve issues fast and see if there really is a threat and once you see no threat and the mail server is working fine you revert back to normal logging mode. Not the case with UFW, ufw either isn’t working correctly or, the logging is fatally flawed and you’re unable to determine if you’ve been hacked or not. But, your bandwidth and server resource usage will give you an idea. Topic for another day.
My server has a front end firewall and I use to use UFW as secondary for convenience, easier to setup a block. (but my trust in UFW was low) with good reason not to for frontline defence). But, is easier to use and block better? Time and time again I find UFW, didn’t always block or is it blocking and not logging? Questionable! Hence, the reason I “apt remove ufw”.If you’re not going to log it for me F off!
When I had seen and believed UFW isn’t blocking, as easily seen in the logs I use the frontline firewall to block the friends of UFW. Annoying because I prefer the frontline firewall to be frontline defence only and it requires logging into the server porthole to configure and do what UFW can’t seem to do. But. it does what UFW isn’t competent at, but it seems, UFW is not as good as the claims are made about it. UFW, if you have a log, and you blocked someone, shouldn’t that be recorded in the log. Especially during monitoring I set UFW logging high and ufw allow log 80,443/tcp and nothing recorded about a BLOCK, just ALLOW, ALLOW and o yeah, ALLOW even though iftop shows them knocking at the door with data transfers.
Hence, since I have to use the frontline firewall as defence for peace of mind because ufw is not logging that it’s doing the job, I ask myself, “What is the point of UFW with no peace of mind?” Answer, apt remove ufw.
When I block an IP I issued, ufw insert 1 deny from xxx.xxx.xxx.xxxx or if pesty Amazon or Brazilian servers go for xxx.xxx.xxx.0/24 and blocked a larger range of the pesty inbreeds.
For peace of mind and your VPS provider has a configurable firewall do as I have done and apt remove ufw….. It’s fools gold!