Which Linux firewall do you use?

Mostly a way to "group" things.
I have a server with 5 interfaces, I only use two of them for https access.
So, I can put two interfaces in a group and put 3 in another group.
I can put source IPs, destination IPs, and services ports in a "zone" as well.

The advantage is, instead of trying to remember what interfaces go with services, and what ports and IPs I want to allow traffic to, I just put all that in a "zone" and assign the rule to the zone.

There is a GUI for firewall-cmd, but I think maybe it's just called "firewall".

[Attachment 21021]
That looks very similar to "Zone Alarm" for windows back in the old days. Going to give that a try.
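The zone layout described above (two of five interfaces serve https, the other three do not) written out as an nftables ruleset, which is the backend firewalld drives on current distributions. This is an added example, not something from the thread; the interface names eth0..eth4 and the 10.0.0.0/24 admin network are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: the "zone" idea done with named sets, so rules refer to a
# group instead of repeating interface names and addresses everywhere.
# Interface names and the management subnet below are assumed values.
flush ruleset

table inet filter {
    set web_ifaces {
        type ifname
        elements = { "eth0", "eth1" }            # the two https-facing NICs
    }
    set internal_ifaces {
        type ifname
        elements = { "eth2", "eth3", "eth4" }    # the other three NICs
    }
    set mgmt_sources {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/24 }               # assumed admin network
    }

    chain input {
        # Default deny: anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # Keep ICMP/ICMPv6 so path MTU discovery and neighbour discovery work.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # "Public" zone: only https, and only on the web-facing interfaces.
        iifname @web_ifaces tcp dport 443 accept

        # "Internal" zone: ssh, and only from the admin network.
        iifname @internal_ifaces ip saddr @mgmt_sources tcp dport 22 accept

        # Log (rate limited) what falls through so a missed rule shows up
        # in the journal instead of silently disappearing; policy drops it.
        limit rate 5/minute log prefix "nft-input-drop: "
    }
}
```

Load it with `nft -f <file>` and check the result with `nft list ruleset`; an interface that is in neither set gets nothing but the default drop.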
 


Hi,

I'm new to this forum. Which firewall do you use ..
Iptables script.
Slackware never had an iptables GUI. About 20 years ago, I set up ipchains/iptables for laptops/desktops, and it hasn't changed much since.

.. and why?
Why use a firewall? Good question. Honestly, it's not really needed. Ports are closed, most apps are Firejail isolated, and my Debian router filters a lot. A firewall isn't essential, but it's still running.
 
For home systems, a firewall may not matter that much; your ISP is going to block all incoming traffic.
If you're ever planning on becoming a professional Linux admin, you will want some practice doing this.

However, suppose you work in an Enterprise Linux environment, like a datacenter for example.
You run firewalls. Yes, there are hardware firewalls, routers and switches that block all kinds of incoming traffic.
Yes, everything is backed up, we have remote access logs, we have all of that, but we still run firewalls.

It may be that a firewall gets compromised, sometimes hacks come in through legitimate APIs.
Sometimes you assume the Network team blocked something, and they assume you blocked it, and neither one of you did.
It's best practice to always run a firewall.

Network admins are humans too, they can make mistakes. Better to bee "too safe" than too insecure.
If our network ever gets hacked, it's not going to be the Linux team admin's fault if we can help it.

We run scans, pen tests and audits fairly frequently. If you're a big target, you will be targeted at some point.
Chances are your home network isn't a high-value target, you don't have too much to worry about.
 
Better to bee "too safe"

Sort of off-topic:

That typo cracked me up. It immediately made me picture a health and safety officer writing up 'witty' signs while using a bunch of crappy old clipart from like one of those 90s CD clip art collections that bragged 10,000 images on the cover.
 
We run scans, pen tests and audits fairly frequently. If you're a big target, you will be targeted at some point.
Chances are your home network isn't a high-value target, you don't have too much to worry about.
Isn't that nice.
 
I guess it depends on what you expect from firewalling. To me, things like UFW provide access control but do not provide the protection of a firewall. Even free things such as pfSense or OPNsense provide other levels of protection. You can implement subscription lists and applications such as Snort to monitor inbound traffic. It is also good to have your firewall separate so your equipment isn't getting bombarded by traffic it has to process. Even with a firewall I still typically configure UFW to only open the ports required to do what I require. It's good practice anyway.
 
Even with a firewall I still typically configure UFW to only open the ports required to do what I require. It's good practice anyway.
.....as do we in 'Puppy'. By default, ALL ports are closed when you first fire up a new Puppy; it's up to the user to open what ports they need depending on what they want to do.....even the internet is blocked to begin with. (Especially the internet..!!)

Since setting up the firewall is part of the 'first-run' routine, you have no choice but to make yourself secure from the word 'go'.

Works for us.


Mike. ;)
 