Alternative to Firewalld on memory critical servers?

ASRM asked:

I’ve bought a 512MB VPS @ DigitalOcean. Currently, I use Firewalld to allow/deny access to certain ports (probably 22, 80, 443 are open). It uses around 25-30MB of memory.

EDIT: Not to forget that I’ve only 489MB of usable memory out of which 50MB is already used. So if I switch to someother light-weight alternative, I would probably save 15-20MB.

So, is it really necessary to use Firewalld? Or can I use something like iptables (I’ve never used it before BTW). Is there any major difference between the two? How do I configure iptables to close all ports except port 22, 80, 443?

I’m asking because I even have to consider server security. Because one cannot compromise server security just to save few MBs.

I’ve read this thread, it says

if possible, you should use the new firewalld system

My answer:

Yes, you can use the old system. It’s not less secure than firewalld (provided you write your firewall rules correctly). It also doesn’t run a daemon, so it’s not using a (relatively) large amount of your limited RAM.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.