What is the difference between nftables and iptables in this skill?

The skill treats nftables as the modern standard for better performance and syntax, while providing legacy iptables support for older kernels and migration guides.

How does this skill help prevent SSH lockouts?

The skill includes a mandatory safety checklist and specific 'allow-before-enable' command patterns for UFW and nftables to ensure you maintain access before applying deny-all rules.

Does this skill support Infrastructure as Code (IaC)?

Yes, it provides Terraform (HCL) examples for configuring AWS Security Groups and other cloud-native firewall resources.

Can I use this for containerized environments?

Absolutely. It includes patterns for Kubernetes NetworkPolicies to manage traffic between pods using CNI plugins like Calico or Cilium.

Firewall Configuration & Security

Name: Firewall Configuration & Security
Author: ancoleman

byancoleman

•

158

安全与测试

Configures host-based and cloud firewalls with security best practices to harden servers and implement network segmentation.

关于

This skill provides a comprehensive guide and implementation patterns for setting up firewalls across diverse environments, including Linux hosts (UFW, nftables, iptables), major cloud providers (AWS, GCP, Azure), and Kubernetes. It helps engineers implement defense-in-depth strategies through stateful and stateless rules, egress filtering, and bastion host setups, while incorporating critical safety checklists to prevent accidental lockouts during configuration. Whether you are exposing a new web service or securing a private database, this skill ensures your network layer follows the principle of least privilege.

主要功能

Cloud infrastructure templates for AWS Security Groups, GCP VPC, and Azure NSGs
Cross-platform support for UFW, nftables, and legacy iptables
Kubernetes NetworkPolicy patterns for secure pod-to-pod communication
Pre-built patterns for web servers, private databases, and bastion hosts
158 GitHub stars
Safety-first checklists to prevent SSH lockouts and misconfigurations

使用场景

Designing multi-layered cloud security using Terraform for Security Groups and NACLs
Implementing network segmentation and egress filtering to prevent data exfiltration
Hardening a new Linux server with UFW and rate-limited SSH access

关于

主要功能

Cloud infrastructure templates for AWS Security Groups, GCP VPC, and Azure NSGs
Cross-platform support for UFW, nftables, and legacy iptables
Kubernetes NetworkPolicy patterns for secure pod-to-pod communication
Pre-built patterns for web servers, private databases, and bastion hosts
158 GitHub stars
Safety-first checklists to prevent SSH lockouts and misconfigurations

使用场景

Designing multi-layered cloud security using Terraform for Security Groups and NACLs
Implementing network segmentation and egress filtering to prevent data exfiltration
Hardening a new Linux server with UFW and rate-limited SSH access