I would not recommend using “ufw” for configuring the firewall on a production server (as it’s not easily composable and lacks configurability for more complex rules). I can recommend “ferm” instead as it allows you to compose multiple config files (important for automation e.g. when using Ansible) and allows describing more complex rules that e.g. involve policies.
How would you define a production server? Do you mean in the context of a home server or a server used by a large company? The guide is intended for a server for home use. I hope anyone securing a large corporate server is not using information on GitHub. If they are then the company has far bigger problems than security.
I think for home use, ufw is probably good enough. I've been using it for 3+ years and it's worked out okay for me okay.
I have not heard of ferm but I will check it out. Thanks!
Sorry, very late reply: We deploy all our infrastructure with Ansible, hence we want to have a way to configure the firewall for each role individually without overwriting previous configuration. For example, we have firewall rules for IP-Sec connections, SSH connections from the bastion host and then specific configurations for applications like databases or message queues. With ferm we can just create individual configs for each of these and put them in a directory where they are loaded sequentially and automatically. This allows us to iteratively define firewall rules and deploy different Ansible roles.
For a home server ufw is probably good enough, as I said I wouldn't recommend it for "serious" use in a highly automated environment.
