What firewall should I use?
Posted: 2022-05-21 14:17
Does Debian have any pre-installed firewall, or is there any that you propose for Debian 11?
Code:
# apt install nftables
# cp /usr/share/doc/nftables/examples/workstation.nft /etc/nftables.conf
# systemctl enable --now nftables
Code:
# nft list ruleset
Thanks HOAS. I made the change as per the link you provided. What a difference in the ruleset. Not that I really understand any of it.
Setting default-deny in ufw is exactly equivalent to enabling the workstation ruleset for nftables but it exposes the user to all the extra bugs and vulnerabilities in the ufw code base as well as all the bugs and vulnerabilities in the nftables backend.
Haven't come across any bugs/errors/interruptions through the years of using ufw as a simple daily firewall, for a user that wants an effective firewall without making any tinkering or using command lines/config files it seems suitable imho. Of course it's up to the user to choose and weigh the pros and cons.
Head_on_a_Stick wrote: ↑2022-06-12 10:07
Setting default-deny in ufw is exactly equivalent to enabling the workstation ruleset for nftables but it exposes the user to all the extra bugs and vulnerabilities in the ufw code base as well as all the bugs and vulnerabilities in the nftables backend.
The less software is used, the less the chance of running into a bug or vulnerability.
That you know of
zarathustra-f90 wrote: ↑2022-06-18 00:59
Haven't come across any bugs/errors/interruptions through the years of using ufw as a simple daily firewall
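
For readers who ran `nft list ruleset` above and could not tell what it says: the following is an added example, not code from any poster in this thread, that reads that output and reports whether inbound traffic is default-deny. The function name `input_stance` and the two `SAMPLE_*` rulesets are constructed for illustration; the check accepts either `policy drop` on the input chain or an unconditional `drop` as the chain's final rule.

```shell
#!/bin/sh
# Added example: classify the inbound stance of a ruleset printed by `nft list ruleset`.
# Prints default-deny, default-accept or no-input-chain.
# Conservative: every filter chain on the input hook must deny by default.
input_stance() {
    awk '
        # A new chain starts: reset per-chain state (a base chain defaults to policy accept).
        /^[ \t]*chain[ \t]/ { in_chain = 1; is_input = 0; policy = "accept"; last = ""; next }
        # The base-chain line names the hook and, optionally, the policy.
        in_chain && /type filter hook input/ {
            is_input = 1; found = 1
            if ($0 ~ /policy drop/) policy = "drop"
            next
        }
        # End of chain: it denies if policy is drop or the final rule drops unconditionally.
        in_chain && /^[ \t]*}/ {
            if (is_input && policy != "drop" &&
                last !~ /^(counter( packets [0-9]+ bytes [0-9]+)? )?drop$/) accepting = 1
            in_chain = 0; next
        }
        # Remember the last rule seen in the chain, trimmed of indentation.
        in_chain && NF { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); last = $0 }
        END {
            if (!found) print "no-input-chain"
            else if (accepting) print "default-accept"
            else print "default-deny"
        }
    '
}

# Constructed sample: policy accept, but the chain ends in an unconditional drop.
SAMPLE_DENY='table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
		iif "lo" accept
		ct state established,related accept
		counter packets 12 bytes 720 drop
	}
}'

# Constructed sample: no drop policy and no final drop, so unmatched packets are accepted.
SAMPLE_OPEN='table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
		ct state established,related accept
	}
}'
```

On a live system, pipe the real output in as root: `nft list ruleset | input_stance`.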