IPTABLES is faster than UFW, change my mind.

TL;DR: Learn and use iptables instead. Much faster and has wide support (at least in docker).

I use UFW since I started to self-host because people kept talking about it and how much it's good and easy to use, and it was, do not get me wrong. It's easy to use, but it was slow. And I can live with its slowness, but I could not bear it when I started to use mailcow, Because of slow SMTP connection times. I thought it's the normal to be honest, sending email takes around 30s to complete. And after asking online I found people usually wait 5s to complete sending email and I said FUUUUUCK. You guys wait 5s? Started to look into it more to understand what causes it, but nothing. Until I suspected in UFW and I closed it and boom, sending email only takes 3s now. I said wow, but then said fuck, now I have to live without firewall? No, no, no. So I gave up and enabled UFW again and called it a day, but I had enough with it, so I came back and someone recommended for me to use IPTABLES instead, and I was like, WTF? UFW is IPTABLES, but I tested and indeed now sending time only takes ~5s, and I was like wow (again) it's much faster. And this is why in the last couple of days I had major outages because simply I was learning iptables 😂. So what we learn here is if you have a chance, learn iptables, it's much faster than UFW (at least in my case) plus what I learned too is that docker uses its own iptables (so you do not need to add ports for your docker containers because docker already do it for you) so if you want to control docker rules, you will have to do it inside iptables not UFW.

Here are some good sources, I learned from it: – https://github.com/ChrisTitusTech/firewallsetup (https://youtu.be/qPEA6J9pjG8) – https://serverfault.com/a/200658 – https://serverfault.com/a/758499 – https://www.cyberciti.biz/faq/how-to-set-up-wireguard-firewall-rules-in-linux/ – https://superuser.com/a/427472

NOTE: Unlike UFW, you need to save your rules in a file by using iptables-save and in my case that file was /etc/iptables/rules.v4

#thoughts