0

I am trying to better understand measures that can be used to protect a web application. I'm trying to determine which would be more effective: implementing UFW or using iptables.

From my perspective, they are both as effective as each other, but their effectiveness is not based on the tools themselves but rather on the rules implemented using them. That being said, I think iptables operates at the transport layer and UFW at the network layer.

For a web app, which one would be more effective/appropriate to use? I think it would be UFW, since it operates at the network layer where malicious packets can be dropped before reaching the transport layer, but I remain quite unsure.

Would appreciate any insight into using UFW or iptables for web apps.

1
  • 1
    The very first paragraph: en.wikipedia.org/wiki/Uncomplicated_Firewall and why do you think that "iptables" only works on the transport layer? en.wikipedia.org/wiki/Iptables If you can create a rule in iptables to block an IP, then that's the network layer. I have never heard of a firewall that only works at the transport layer. Commented Mar 31, 2022 at 11:27

1 Answer

2

UFW is just a frontend for iptables to make it easier to manage. If you create your rules with ufw, you'll see them when you run iptables -L -n -v.

iptables gives you more flexibility, but it's also slightly more complicated to configure - so use whichever one you're most happy with. If you use iptables, remember that it only affects IPv4 - you need to also use ip6tables if your server has IPv6.

2
  • Ahh thanks so much for this explanation. While iptables is more flexible, the complexity might make it more difficult for a popular web-app to introduce new rules to better protect so a ufw would be more desirable? Commented Mar 31, 2022 at 18:33
  • If you're just going to do something like allow inbound 80 and 443 it really doesn't make any difference. If you need a more complicated setup you might struggle to do it with UFW - but it really depends on what you're trying to do. Commented Mar 31, 2022 at 19:10
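
The answer's point that iptables covers only IPv4 can be checked by comparing the `INPUT` chain of both stacks. The following is an added example, not part of the original answer or comments; the rule text is constructed sample output in `iptables -S INPUT` format, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -S INPUT` (IPv4): default-deny, web ports open.
V4_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT'

# Constructed sample of `ip6tables -S INPUT` on a host where only iptables was configured.
V6_RULES='-P INPUT ACCEPT'

# Print the default policy of the INPUT chain from `-S` output on stdin.
input_policy() {
    awk '$1 == "-P" && $2 == "INPUT" { print $3; exit }'
}

# Print the TCP ports INPUT explicitly accepts (single --dport rules only;
# multiport rules are not parsed), sorted and space separated.
accepted_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Compare IPv4 and IPv6 rulesets; print one finding per line, or "OK".
compare_stacks() {
    v4=$1; v6=$2; findings=""
    p4=$(printf '%s\n' "$v4" | input_policy)
    p6=$(printf '%s\n' "$v6" | input_policy)
    t4=$(printf '%s\n' "$v4" | accepted_tcp_ports)
    t6=$(printf '%s\n' "$v6" | accepted_tcp_ports)
    [ "$p4" = "$p6" ] || findings="${findings}POLICY_MISMATCH v4=$p4 v6=$p6
"
    [ "$t4" = "$t6" ] || findings="${findings}PORT_MISMATCH v4=[$t4] v6=[$t6]
"
    if [ -z "$findings" ]; then echo "OK"; else printf '%s' "$findings"; fi
}

compare_stacks "$V4_RULES" "$V6_RULES"
```

On a real host, pass the output of `iptables -S INPUT` and `ip6tables -S INPUT` (run as root) in place of the two sample variables.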
