Uncomplicated Firewall (ufw)
The easiest way to get a firewall in Chimera is through ufw, which
is also used on Ubuntu by default and is available on many distributions.
UFW is a frontend to
iptables, designed to be easy
# apk add ufw
# dinitctl enable ufw
# ufw enable
Verify it is enabled:
# ufw status
A simple configuration that allows SSH and webservers is something like:
# ufw default deny incoming
# ufw default allow outgoing
# ufw allow ssh http https
# ufw limit ssh
The limit rule also rate-limits SSH connections as a defense against brute-force attempts.
If you wish to manage your firewall in a more low-level way, the
recommended method is through nftables:
# apk add nftables
It comes with a service that loads rules from
You can enable it with:
# dinitctl enable nftables
If you change the rules, just
dinitctl restart it. Stopping the
service will flush the rules.
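As an added example (not Chimera's shipped ruleset), the following nftables ruleset expresses roughly the same policy as the ufw configuration above: deny incoming by default, allow outgoing, allow SSH, HTTP and HTTPS, and rate-limit new SSH connections per source address. The table, chain and set names and the 6/minute rate are assumptions chosen for illustration; save it to the file the nftables service loads.

```nft
# Constructed example ruleset; table, chain and set names are illustrative.
flush ruleset

table inet filter {
    # Per-source trackers for new SSH connections (one per address family).
    set ssh_v4 {
        type ipv4_addr
        flags dynamic
        timeout 1m
    }
    set ssh_v6 {
        type ipv6_addr
        flags dynamic
        timeout 1m
    }

    chain input {
        type filter hook input priority filter; policy drop;

        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # ICMP and ICMPv6 (neighbor discovery, path MTU discovery).
        meta l4proto { icmp, ipv6-icmp } accept

        # Drop sources opening new SSH connections faster than the limit
        # (6/minute is an illustrative value), then accept the rest.
        tcp dport 22 ct state new add @ssh_v4 { ip saddr limit rate over 6/minute } drop
        tcp dport 22 ct state new add @ssh_v6 { ip6 saddr limit rate over 6/minute } drop
        tcp dport { 22, 80, 443 } accept
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}
```

Running nft -c -f on the file checks its syntax without applying it, and nft list ruleset shows what is currently loaded.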
iptables package provides the legacy firewall. You can install
# apk add iptables
rulesets serve as an example.
There are two services,
ip6tables, which load rules
respectively. You can configure your firewall and generate the files
In any case, enabling the services is as usual:
# dinitctl enable iptables
# dinitctl enable ip6tables
Restart the services when you change your rules. Stop the services to flush the rules.