configuring-firewalls_skill

This skill helps you configure host-based and cloud firewall rules with practical patterns for web, database, and bastion scenarios.
  • Python

291

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill ancoleman/ai-design-components --skill configuring-firewalls

  • outputs.yaml9.2 KB
  • SKILL.md13.6 KB

Overview

This skill shows engineers how to configure host-based firewalls (iptables, nftables, UFW) and cloud security controls (AWS Security Groups, NACLs, GCP, Azure NSGs) with practical, safe rules for web servers, databases, and bastion hosts. It focuses on concrete patterns, safety checks to avoid lockouts, and defense-in-depth recommendations across host, cloud, and container environments. Examples include ready-to-use UFW snippets, nftables rulesets, and Terraform Security Group templates.

How this skill works

The skill inspects the target environment and recommends the appropriate tool (UFW/firewalld/nftables/iptables or cloud provider firewall). It provides step-by-step rule examples, safety checklist items (always allow SSH, test rules, logging), and deployment commands. For cloud resources, it offers Security Group/NACL patterns and Terraform snippets; for containers, it points to Kubernetes NetworkPolicy templates and CNI requirements.

When to use it

  • Initial server hardening during provisioning
  • Exposing a new service (web, API, or database) to the network
  • Creating a bastion/jump host and centralizing SSH access
  • Implementing network segmentation or DMZs for multi-tier apps
  • Migrating host firewall stacks (iptables → nftables) or adding egress filtering

Best practices

  • Start with default deny and explicitly allow required ports/IPs
  • Always allow SSH (or ensure console access) before enabling rules
  • Use principle of least privilege: avoid 0.0.0.0/0 on sensitive ports
  • Enable and monitor firewall logging; keep rules in version control
  • Avoid running conflicting tools (don’t run iptables and nftables simultaneously)
  • Test rules in staging and verify externally with nmap or service checks

Example use cases

  • Basic web server: UFW rules allowing HTTP/HTTPS and SSH only from office or bastion
  • Database server: restrict port 5432 to app-tier security group or private subnet
  • Bastion host: hardened jump box allowing SSH from corporate IPs, logging enabled, rate-limited SSH
  • Egress filtering: block or allow outbound hosts/ports to reduce data exfiltration risk
  • Kubernetes: NetworkPolicies to enforce pod-to-pod isolation when using Calico or Cilium

FAQ

Always add an allow rule for SSH (or enable a console/session manager) before enabling the firewall; test rules in a staging instance and ensure cloud console access exists.

When should I use Security Groups vs NACLs in AWS?

Use Security Groups (stateful) for instance-level allow rules and NACLs (stateless) at the subnet level for defense-in-depth or explicit deny needs; use both for layered protection.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
configuring-firewalls skill by ancoleman/ai-design-components | VeilStrat