The complicated process for removing the “uncomplicated firewall”

If you're new to Linux, ufw is a very useful tool. It is really simple to install on Ubuntu.

However, should you choose to get rid of it for some reason, it leaves behind quite a mess.
Here is a quick script to clean up the mess.

Here is the whole process as a bash script:

iptables -P INPUT ACCEPT
# Flush the rules first: -X only deletes chains that are empty and unreferenced
iptables -F
iptables -X ufw-user-output
iptables -X ufw-user-logging-output
iptables -X ufw-user-logging-input
iptables -X ufw-user-logging-forward
iptables -X ufw-user-limit-accept
iptables -X ufw-user-limit
iptables -X ufw-user-input
iptables -X ufw-user-forward
iptables -X ufw-track-output
iptables -X ufw-track-input
iptables -X ufw-skip-to-policy-output
iptables -X ufw-skip-to-policy-input
iptables -X ufw-skip-to-policy-forward
iptables -X ufw-reject-output
iptables -X ufw-reject-input
iptables -X ufw-reject-forward
iptables -X ufw-not-local
iptables -X ufw-logging-deny
iptables -X ufw-logging-allow
iptables -X ufw-before-output
iptables -X ufw-before-logging-output
iptables -X ufw-before-logging-input
iptables -X ufw-before-logging-forward
iptables -X ufw-before-input
iptables -X ufw-before-forward
iptables -X ufw-after-output
iptables -X ufw-after-logging-output
iptables -X ufw-after-logging-input
iptables -X ufw-after-logging-forward
iptables -X ufw-after-input
iptables -X ufw-after-forward
apt-get remove ufw
# As a basic firewall I’d recommend the following:
iptables -F
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# The description below names port 22 for sshd; this rule opens 13160. Use the port your sshd listens on.
iptables -A INPUT -p tcp -m tcp --dport 13160 -j ACCEPT
iptables -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp --icmp-type 8 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -d XX_REPLACE_WITH_YOUR_SERVER_IP/32 -p icmp -m icmp --icmp-type 0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
This will:
Reset the default policy of INPUT to ACCEPT so we don’t get locked out of our box.
Then remove the custom ufw chains, flush all existing rules, accept established connections, accept all connections on the loopback device, and accept all connections to ports 80 (http), 443 (https), and 22 (sshd).
It will also accept pings from machines which have established a connection. With large packet support now enabled by default in the Linux kernel, it's important to allow some pings to be accepted. Then we set the default policies of INPUT and FORWARD to DROP and OUTPUT to ACCEPT.
Make sure you replace XX_REPLACE_WITH_YOUR_SERVER_IP with your server's IP address.
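
An added example (not part of the original post): instead of hard-coding the chain list, this generalizes the cleanup by deriving it from `iptables -S` output, and it unhooks only ufw's chains rather than flushing every rule. The function name `ufw_cleanup_plan` and the sample ruleset are constructed for illustration; the function prints the commands and does not run them.

```shell
#!/usr/bin/env bash
# Build a ufw cleanup plan from `iptables -S` output read on stdin.
# Real use (as root), after reviewing the printed plan:
#   iptables -S | ufw_cleanup_plan
ufw_cleanup_plan() {
    awk '
        # Remember every user-defined chain that ufw created.
        $1 == "-N" && $2 ~ /^ufw-/ { chains[n++] = $2; next }

        # A rule in a non-ufw chain that jumps into a ufw chain:
        # emit the matching -D so the ufw chain becomes unreferenced.
        $1 == "-A" && $2 !~ /^ufw-/ {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) ~ /^ufw-/) {
                    sub(/^-A /, "-D ")
                    print "iptables " $0
                    break
                }
        }

        # Flush all ufw chains before deleting any of them: they jump to
        # each other, and -X refuses chains that are non-empty or referenced.
        END {
            for (i = 0; i < n; i++) print "iptables -F " chains[i]
            for (i = 0; i < n; i++) print "iptables -X " chains[i]
        }
    '
}

# Constructed sample of `iptables -S` output (not captured from a real host).
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-N ufw-user-input
-A INPUT -j ufw-before-input
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -j ufw-user-input'

# Print the plan for the sample; the non-ufw port 80 rule is left untouched.
printf '%s\n' "$SAMPLE_RULES" | ufw_cleanup_plan
```

The built-in chain policies are not changed by this plan, so the `iptables -P INPUT ACCEPT` step from the script above still applies before running it over SSH.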

Install errors from missing locales

While setting up a LAMP stack in a VPS using Ubuntu 10 LTS, I got the following error:
Setting up php5-cli (5.3.2-1ubuntu4.5) ...
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.utf8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C")

I was also getting a similar error from locale -a:
locale -a
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_COLLATE to default locale: No such file or directory

It appears this VPS provider doesn’t have any locales installed by default. I fixed it by installing my locale via apt-get.

apt-get install language-pack-en-base


Update – 1-23-2011

If you're using Debian instead of Ubuntu, see

  1. Install debconf (i.e. run apt-get update then apt-get install debconf, as root)
  2. Run dpkg-reconfigure locales as root