Vesta firewall and UFW conflct?

[skurudo]

I used UFW and VestaCP, but in the end I shut down ufw. UFW used iptables, VestaCP used iptables too. Believe me, you don't need two interfaces to edit one service - iptables.

[mcsteevie]

I used UFW and VestaCP, but in the end I shut down ufw. UFW used iptables, VestaCP used iptables too. Believe me, you don't need two interfaces to edit one service - iptables.

Agreed. iptables is extremely sensitive. Vesta already uses it's own way of editing iptables (config files are here: /usr/local/vesta/data/firewall/). Vesta uses a ports.conf, rules.conf, chains.conf and banlist.conf file.

UFW would specifically need to use these config files or iptables would break. My best advice would be to move away from using UFW. If you're feeling brave, it would be interesting to see if you can find a way of making UFW use the existing files in /usr/local/vesta/data/firewall/.

As for advantages, both Vesta and UFW essentially do the same thing - allow you to configure rules in iptables. With Vesta, you get the advantage of managing this via the web interface but otherwise, iptables does the same thing regardless of what you use to manage it. The "clever" bit is fail2ban which is used to dynamically block ips which are trying to cause trouble.

[brit]

I like the Vesta GUI for managing ports. The issue I am having is that I used Vesta iptables GUi to open port 8080 but when I do nmpa localhost i don't see port 8080 in the list of open ports. Any thoughts?
Thanks.