Firewalling - What are you using if anything

Hey all - Just curious what folks are using on Linux home workstations.
I have thought about running an iptables rule set but am curious if that happens to be overkill.

What are your thoughts and what might you be using?

Cheers
Chris

gufw has always been my go-to!

2 Likes

Yep, good call in there @pangolin

1 Like

For Linux I prefer nftables; it’s faster than iptables with more features and it runs in a virtual machine in kernel space, which is super-cool.

The rulesets are declarative in nature (unlike iptables’ tangled syntax) and so they look a lot like ufw but without the abstraction layer :)

The ArchWiki page is good, I use the stateful example given:

https://wiki.archlinux.org/index.php/nftables

For OpenBSD I use their native Packet Filter (pf), which is the best firewall around, bar none.

https://www.openbsd.org/faq/pf/index.html

1 Like

I’ve been using iptables for ages, but I’m now interested in nftables, which @Head_on_a_Stick has mentioned. Thanks @Head_on_a_Stick for your alternative; at first blush it seems to be easier and more flexible to use. Will study it more when I get time.

Thx for sharing, will be a great source of knowledge for other members @Head_on_a_Stick

I am used to using no firewall from Ubuntu, however I think I will change that.

So I read up on firewalls for private computers running Linux for a bit and I have to say that mostly, from what I gathered, people are of the opinion that there is no real need for you to run a firewall if you do not run a server.
Any thoughts on that from you guys?

My personal opinion has always been that because of my very conservative web habits, I have never needed one and never ran antivirus when using Windows back in the day either. I’ve not experienced a single issue.

This is probably true. I think some (at least I) like the extra layer of security. If by some chance someone gets past the router (and I don’t profess to be an expert at setting up our cable routers) then at least there is another barrier. But in your example, I do so even more so since I do run a server here at home.

It’s kinda like backups: you can have none, and on the flip side, you can ask how much redundancy is enough, lol