What firewall should I use?

Posted: 2022-05-21 14:17
by Diesel330
Does Debian have any pre-installed firewall, or is there one that you propose for Debian 11?

Re: What firewall should I use?

Posted: 2022-05-21 15:23
by Head_on_a_Stick

Re: What firewall should I use?

Posted: 2022-05-21 15:38
by Diesel330
Do you recommend enabling nftables for casual home use of the internet?

Re: What firewall should I use?

Posted: 2022-05-21 16:15
by Head_on_a_Stick
It's not needed if you're just browsing the interweb, downloading stuff and playing games on other people's servers but nftables has a very low resource overhead and it adds a layer of protection just in case ports and services are exposed by mistake.

I use the provided "workstation" ruleset, which is default-deny:

    # apt install nftables
    # cp /usr/share/doc/nftables/examples/workstation.nft /etc/nftables.conf
    # systemctl enable --now nftables

Check with

    # nft list ruleset

Edit /etc/nftables.conf if you need to allow for ssh, http or https servers; it has a commented-out line for that.
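
For readers who want to see what a default-deny workstation ruleset of this shape looks like before copying the shipped file, here is an added, constructed example in nft syntax (not a copy of Debian's workstation.nft and not part of the original post; the comments mark what it assumes):

```nft
#!/usr/sbin/nft -f
# Constructed illustration of a default-deny workstation ruleset.
# It is not the Debian-shipped file, which lives at
# /usr/share/doc/nftables/examples/workstation.nft.

flush ruleset

table inet filter {
    chain input {
        # policy drop: anything not explicitly accepted below is discarded
        type filter hook input priority 0; policy drop;

        # traffic on the loopback interface is trusted
        iif lo accept

        # replies to connections this host itself started
        ct state established,related accept

        # packets the connection tracker cannot classify are dropped early
        ct state invalid drop

        # ICMP and ICMPv6; dropping all ICMPv6 breaks IPv6 neighbour
        # discovery and therefore IPv6 connectivity
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # commented out: only enable when you really run these servers
        # tcp dport { ssh, http, https } ct state new accept

        # count what falls through to the drop policy so that
        # `nft list ruleset` shows how much was rejected
        counter
    }

    chain forward {
        # a workstation does not route for other hosts
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # outbound traffic from local programs is allowed
        type filter hook output priority 0; policy accept;
    }
}
```

Check the syntax without loading it with `nft -c -f /etc/nftables.conf` before enabling the service, and re-run `nft list ruleset` afterwards to confirm the counter is climbing on unsolicited inbound packets.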

Re: What firewall should I use?

Posted: 2022-05-22 20:33
by ticojohn
Thanks HOAS. I made the change as per the link you provided. What a difference in the ruleset. Not that I really understand any of it. :shock:

Re: What firewall should I use?

Posted: 2022-05-23 17:56
by Hallvor
The default ruleset is fine. Here is a different option with chain base checks:

viewtopic.php?p=736536#p736536

Re: What firewall should I use?

Posted: 2022-06-12 01:13
by zarathustra-f90
Just try the Uncomplicated Firewall (https://wiki.debian.org/Uncomplicated%2 ... 0%28ufw%29), easy to use, nothing more to tinker with after enabling it.

Re: What firewall should I use?

Posted: 2022-06-12 10:07
by Head_on_a_Stick
zarathustra-f90 wrote: 2022-06-12 01:13
Uncomplicated Firewall
Setting default-deny in ufw is exactly equivalent to enabling the workstation ruleset for nftables but it exposes the user to all the extra bugs and vulnerabilities in the ufw code base as well as all the bugs and vulnerabilities in the nftables backend.

The less software is used, the less the chance of running into a bug or vulnerability.

Re: What firewall should I use?

Posted: 2022-06-18 00:59
by zarathustra-f90
Head_on_a_Stick wrote: 2022-06-12 10:07
zarathustra-f90 wrote: 2022-06-12 01:13
Uncomplicated Firewall
Setting default-deny in ufw is exactly equivalent to enabling the workstation ruleset for nftables but it exposes the user to all the extra bugs and vulnerabilities in the ufw code base as well as all the bugs and vulnerabilities in the nftables backend.

The less software is used, the less the chance of running into a bug or vulnerability.
I haven't come across any bugs/errors/interruptions through the years of using ufw as a simple daily firewall; for a user who wants an effective firewall without any tinkering or using command lines/config files, it seems suitable imho. Of course it's up to the user to choose and weigh the pros and cons.

Re: What firewall should I use?

Posted: 2022-06-18 10:59
by Head_on_a_Stick
zarathustra-f90 wrote: 2022-06-18 00:59
I haven't come across any bugs/errors/interruptions through the years of using ufw as a simple daily firewall
That you know of ;)