Firewalling - What are you using if anything


#1

Hey all - Just curious what folks are using on Linux home workstations.
I have thought about running an iptables rule set but am curious if that happens to be overkill.

What are your thoughts and what might you be using?

Cheers
Chris


#2

gufw has always been my go-to!


#3

Yep, good call in there @pangolin


#4

For Linux I prefer nftables, it’s faster than iptables with more features and it runs in a virtual machine in kernel space, which is super-cool.

The ruleset is declarative in nature (unlike iptables' tangled syntax) and so it looks a lot like ufw but without the abstraction layer :)

The ArchWiki page is good, I use the stateful example given:

https://wiki.archlinux.org/index.php/nftables

For OpenBSD I use their native Packet Filter (pf), which is the best firewall around, bar none.

https://www.openbsd.org/faq/pf/index.html
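
A minimal stateful nftables ruleset for a home workstation, of the kind post #4 refers to, as an added example (not the poster's configuration and not copied from the ArchWiki page). It assumes a machine that offers no inbound services and gets its addresses from the router; the table name `filter` is an arbitrary choice.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny inbound, allow-all outbound workstation policy.
# Assumption: nothing on this machine needs to accept unsolicited connections.

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Drop packets that conntrack cannot associate with any valid flow.
        ct state invalid drop

        # Replies to connections this machine opened (the "stateful" part).
        ct state established,related accept

        # Local services talking to each other over loopback.
        iif lo accept

        # ICMP for ping and path MTU discovery; ICMPv6 is required for
        # IPv6 neighbour discovery and router advertisements.
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept

        # DHCPv6 replies come from the router's link-local address and are
        # not matched by the established rule above.
        ip6 saddr fe80::/10 udp sport 547 udp dport 546 accept

        # Everything else falls through to the drop policy.
    }

    chain forward {
        # A workstation does not route traffic for other hosts.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading anything, and `nft list ruleset` shows what is active after it is loaded.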


#5

I’ve been using iptables for ages, but I’m now interested in nftables, which @Head_on_a_Stick has mentioned. Thanks @Head_on_a_Stick for your alternative, at first blush it seems to be easier and more flexible to use. Will study it more when I get time.


#6

Thx for sharing, will be a great source of knowledge for other members @Head_on_a_Stick


#7

I am used to using no firewall from Ubuntu, however I think I will change that.


#8

So I read up on firewalls for private computers running Linux for a bit and I have to say that mostly, from what I gathered, people are of the opinion that there is no real need for you to run a firewall if you do not run a server.
Any thoughts on that from you guys?


#9

My personal opinion has always been that because of my very conservative web habits, I have never needed one and never ran antivirus when using Windows back in the day either. I’ve not experienced a single issue.


#10

This is probably true. I think some (at least I) like the extra layer of security. If by some chance someone gets past the router (and I don’t profess to be an expert at setting up our cable routers) then at least there is another barrier. But in your example, I do so even more so since I do run a server here at home.

It’s kinda like backups, you can have none, and on the flip side you can ask: how much redundancy is enough, lol