Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

Iptables for desktop

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
User avatar
cds60601
df -h | participant
df -h | participant
Posts: 706
Joined: 2017-11-25 05:58
Location: Florida
Has thanked: 129 times
Been thanked: 60 times

Iptables for desktop

#1 Post by cds60601 »

General question: Assuming your cable modem (or whatever your connection may be at home) is setup properly (or out of the box for that matter), for a home desktop user would you implement iptables on your system as an extra precaution or just use your Deb install as is?
Would like to hear some pros / cons and what the general consensus is as I could see it going either way.

Cheers
Chris
Supercalifragilisticexpialidocious

kkremitzki
Posts: 2
Joined: 2018-05-03 06:23

Re: Iptables for desktop

#2 Post by kkremitzki »

It's probably overkill for most users--but good security has layers, like an onion. For example, your own computer may be well-kept and secure from the Internet but if you give out your wifi password to a friend with a hacked phone, or you expose something to the Internet that gets pwned, and your computer has no defenses on the LAN, you might have a bad time. But those are unlikely scenarios for most people.

arzgi
Posts: 1185
Joined: 2008-02-21 17:03
Location: Finland
Been thanked: 31 times

Re: Iptables for desktop

#3 Post by arzgi »

cds60601 wrote:General question: Assuming your cable modem (or whatever your connection may be at home) is setup properly (or out of the box for that matter), for a home desktop user would you implement iptables on your system as an extra precaution or just use your Deb install as is?
Would like to hear some pros / cons and what the general consensus is as I could see it going either way.

Cheers
Chris
There are many programs that use iptables, but hide if from user. I've used shorewall, and at the moment arno-iptables-firewall, which does not after installing require any actions than reading logs.

User avatar
None1975
df -h | participant
df -h | participant
Posts: 1389
Joined: 2015-11-29 18:23
Location: Russia, Kaliningrad
Has thanked: 45 times
Been thanked: 66 times

Re: Iptables for desktop

#4 Post by None1975 »

For desktop you can use The Uncomplicated Firewall (ufw). It is a frontend for iptables. Ufw provides a framework for managing netfilter, as well as a command-line interface for manipulating the firewall. In my opinion it is simpler solution, because configuring iptables manually is challenging for the uninitiated. And yes, it is a extra security layer.
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: Iptables for desktop

#5 Post by debiman »

i'm too stupid to use iptables, i use ufw on all my machines.
there's a little redundancy because my router also has a firewall (which works quite differently though), but that's fine.

User avatar
cds60601
df -h | participant
df -h | participant
Posts: 706
Joined: 2017-11-25 05:58
Location: Florida
Has thanked: 129 times
Been thanked: 60 times

Re: Iptables for desktop

#6 Post by cds60601 »

Thanks to those that answered. I know there are several options that any user can use for firewalling (GUI, cli, 3rd part apps, etc) but you all got the general idea - that was whether or not some of us go the extra mile and have some form of firewalling on our Deb-stations or servers.

Like most of you, I to have it on my router but a little extra never hurts :)
Supercalifragilisticexpialidocious

Post Reply