When i installed debian 10 it came to my attention that
it comes with apparmor pre-installed.
Searching for "things to do after installing Debian 10"
i found this guide https://www.linuxtechi.com/things-to-do ... debian-10/
advocating the installation of ufw
Previously using Debian 9 (which came with ufw preinstalled by default)
i used to make some minimal, very basic changes to /etc/ufw/before.rules
telling myself that i was safe behind a firell
I am totally clueless with Apparmor
Should i invest time in learning to use Apparmor ?
or
should i install UFW and if so - do i have to uninstall Apparmor first ?
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
preferred firewall on debian buster
-
- Global Moderator
- Posts: 3049
- Joined: 2017-09-17 07:12
- Has thanked: 5 times
- Been thanked: 132 times
Re: preferred firewall on debian buster
AFAIK Debian 9 did not come with ufw preinstalled by default. Maybe some desktop environment did.vryni wrote:Previously using Debian 9 (which came with ufw preinstalled by default)
Apparmor is not a firewall, at least not in the common "packet filter" sense like iptables or nftables. It is a security framework which allows to restrict programs' capabilities (including network access).
-
- Posts: 398
- Joined: 2011-10-02 08:00
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 133 times
Re: preferred firewall on debian buster
Most desktop users don't really need a firewall and running one will not "protect" you in any meaningful way.vryni wrote:i used to make some minimal, very basic changes to /etc/ufw/before.rules
telling myself that i was safe behind a firell
EDIT: apparmor does provide significant protections for the average desktop user though, which is why Debian has enabled it by default.
deadbang