What is Reddit's opinion of ufw?

From 3.5 billion Reddit comments

You should be able to generate an SSH keypair on her Mac with the same commands as you normally would. Then you can add the public key to your server's authorized keys. This should also allow you to revoke the key for the Mac if, say, it got stolen or sold on, without having to regenerate a new one on your laptop.

I use connectbot from my old Android phone and it works fine with SSH keys.

edit: In addition, you might want to use ufw to deny incoming requests on any port by default except those services you explicitly allow. For example, one can permit requests for SSH access (but not necessarily access itself, which is handled by sshd) from one's LAN, but limit incoming requests from everywhere else. Botnets' requests are usually very frequent, so will trigger ufw to deny all incoming requests from that IP if they attempt to log in more than six times in thirty seconds. A normal login from your laptop or phone will only involve one request, so won't trigger this rule.

These firewall policies, the obfuscated port, and disallowing password login have been my basic set-up since discovering similar opportunistic attacks in my Debian server's /var/log/auth.log (might be a different location on your system: just run "grep Fail thisfile" and "grep Accept thisfile" on this file when you find it). After adopting them, I found that incidents almost completely stopped. Most of the warnings and failed logins are now from my misspelling something.

Io personalmente l'ho fatto a livello di router (openWrt) con il plugin banip. https://github.com/openwrt/packages/tree/openwrt-19.07/net/banip

Se tutti i tuoi servizi sono su un raspberry pi, direi che la cosa migliore e' mettere firewall sul raspberry per le connessioni inbound, con DROP di default a meno che le connessioni provengano dalla tua sottorete di casa o da una whitelist che include gli indirizzi dei vostri ISP nella famiglia quando non siete a casa. (Esempio: se avete cellulare TIM dovete scoprire qual e' il range di indirizzi TIM e includerlo, etc...).

Probabilmente una buona idea e' studiare bene la documentazione di Uncomplicated Firewall (ufw) e configurare da te la cosa. Evita walkthrough generici e prenditi il tempo di capire come funziona.

https://launchpad.net/ufw https://wiki.archlinux.org/index.php/Uncomplicated_Firewall

>I just started using ufw https://launchpad.net/ufw and I found that it only shows --help for the root command

Weird.. I can print ufw man page with my nonelevated user. I'm not on Ubuntu tho..

> Rate-limited queries are answered with a REFUSED reply and not further processed by FTL.

While it does not stop your phone from sending it blocks it as soon as it can. Pi-hole doesn't do a lookup, so it should not have too much of an impact. The amount of incoming requests should not bog down your Pi-hole, unless it has very limited hardware and/or is already resource deprived.

Another option is to use UFW and rate limit incoming packets. Because it's a firewall, it will block the queries even before they hit Pi-hole, but it might be a tad more tricky to set up. I also don't know if you can set it as a limitation per client or only in general (per port/rule). If per rule, you could probably set the source IP to your phone (provided it has a fixed IP). I'll leave that for you to investigate further.

Con questo voglio dire che sia alla portata del 99%, non a caso il suo nomignolo per gli amici il gabbione. Ovviamente sarà sempre meglio il cavo ethernet ma non è arrivata ieri, il tempo di capire come funziona. https://launchpad.net/ufw. https://wiki.archlinux.org/index.php/Uncomplicated_Firewall.

Ci permettiamo di segnalarti che questo subreddit non si tratta di capire come funziona. https://launchpad.net/ufw. https://wiki.archlinux.org/index.php/Uncomplicated_Firewall. Io ai ragazzi del mio team sono il primo a tenerlo disabilitato (purtroppo non si può permettere di perdere tempo :).

UFW is not a firewall. It is a simplified command line interface for managing netfilter. I think the hierarchy looks like this:

user -> ufw -> netfilter -> iptables

EDIT: I may have that a bit out of order, but read more about it at ufw in Launchpad