This week on Destination Linux, we’re going to discuss firewalls. Specifically, what the heck are they? Do you need to set one up? Does your distro have a default firewall? We’ll also cover our favorite firewall software. Google is now a privacy ally… or at least that’s what they’re marketing. Later in the show, we’re going to discuss 0 A.D. and Steam Link enhancements for Linux. Plus we’ve also got our famous tips, tricks and software picks. All of this and so much more this week on Destination Linux. So whether you’re brand new to Linux and open source or a guru of sudo, this is the podcast for you.
Hosts of Destination Linux:
Ryan (DasGeek) = dasgeekcommunity.com
Michael Tunnell = tuxdigital.com
Jill Bryant = twitter.com/jill_linuxgirl
Noah Chelliah = asknoahshow.com
Want to Support the Show?
Support us on Patreon = https://destinationlinux.org/patreon
Support us on Sponsus = https://destinationlinux.org/sponsus
Destination Linux Network Store = http://dlnstore.com
Want to follow the show and hosts on social media?
You can find all of our social accounts at https://destinationlinux.org/contact
- 00:00 = Welcome to DL 216
- 01:04 = Reminder: DLN LUGcast on March 21st!
- 01:47 = Community Feedback: Linux Laptops with Touchscreen Support
- 06:18 = Digital Ocean – App Platform / Cloud ( https://do.co/dln )
- 07:45 = Do you need a Firewall on Linux?
- 24:07 = Noah Outtake 😀
- 27:40 = Bitwarden Password Manager ( https://bitwarden.com/dln )
- 29:31 = Google Cares About Your Privacy Again?
- 40:21 = Valve’s Steam Link Now Available On Linux
- 44:15 = Game of the Week: 0 A.D.
- 47:53 = Software Spotlight: Optimizer
- 48:49 = Tip of the Week: Podman Checkpoints
- 49:35 = Ryan’s Visit to Computer Museum of America in Roswell GA
- 54:08 = Outro
I enjoyed the focus on firewalls and Noah’s detailed recommendation not to enable anything for web-facing until you know what you’re doing.
I also very much agree with Jill’s assessment that Google’s claim they’re done tracking simply means they’ve found a more invasive way to spy, without having to tell you about it.
More security/privacy chats, please!!
I second that!
Good show today. I wanted to chip in to say that ufw is disabled by default on Ubuntu (see Security - Firewall | Ubuntu). The hosts seemed to think that Ubuntu had a firewall turned on, unlike Debian. I think the vast majority of Linux users won’t have a firewall turned on by default. (The docs I linked to are for Ubuntu Server, but I’m 98% sure the same applies to the desktop.)
I’m also of the opinion that it doesn’t matter all that much for a typical desktop use case. These users don’t tend to run listening services like SSH or NFS. And if they do, then they will want the firewall to allow traffic. A firewall could allow a user to be more granular regarding who is able to connect, but if a user knows to configure this then they could easily enable UFW. I find firewalls to be great in between network segments, but it’s easy to overstate the importance of a host-based firewall.
That said, I do think that turning on the firewall by default would be the right call for Ubuntu.
One more opinion: iptables is just as easy as ufw once you go beyond the most basic commands. For example, here is how I’d block my machine from talking to Comcast’s DNS servers using ufw and iptables:
Both commands take the same information. I struggle with ufw because I’ve found that the order of the words can be important. Whereas with iptables you can shuffle the options around as you please. Maybe it’s a stretch to say that iptables is just as easy but I really think it’s a close call. Plus it’s more powerful. I’ve never tried a graphical UFW frontend though, maybe that would change my mind.
Thanks for the show and for putting up with my unsolicited opinions!
First, big welcome to the forum. Love to see an iptables fan here. I started with iptables on Debian and it was a lot of fun though a little cumbersome.
Commands have to be repeated twice using ip6tables to apply rules to both IPv4 and IPv6.
Commands aren’t persistent so you need a package to handle that if you’re not rolling your own startup solution:
Then whenever you make changes you need to run:
I also ran into a problem with virt-manager because it’d dynamically add a bunch of iptables rules after boot so if I changed the iptables and saved them it’d include virt-manager’s dynamically added rules making them either duplicates or zombie rules on future reboots. To do edits I ended up having to disconnect the network, then run
Then add all my rules back in including my edits, then save and restart.
I could have produced something a bit more elegant had I stuck with it but that’s how firewalld/ufw finally won me over.
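The duplicate and zombie rules described in the post above come from saving a dump that already contains rules added at runtime. As an added example (not part of the original post), this filters an `iptables-save` dump before it is persisted; it assumes the runtime rules come from libvirt, which virt-manager drives, and are recognisable by `LIBVIRT_*` chains or a `virbr*` interface, and the sample dump is constructed.

```shell
#!/bin/sh
# Added example: keep runtime-inserted libvirt rules out of the persistent file.
# Assumption: libvirt's rules are identifiable by LIBVIRT_* chains or by a
# virbr* bridge interface; adjust the patterns to what your host shows.

strip_libvirt_rules() {
    # Reads iptables-save output on stdin, writes the filtered dump to stdout.
    awk '
        /^:LIBVIRT_/            { next }  # chain declarations
        /^-A LIBVIRT_/          { next }  # rules inside libvirt chains
        /-j LIBVIRT_/           { next }  # jumps into libvirt chains
        /(-i|-o) virbr[0-9]+/   { next }  # older style: rules on the bridge
        { print }
    '
}

count_rules() {
    # Number of "-A" rule lines in a dump read from stdin.
    grep -c '^-A ' || true
}

# Constructed sample of a dump taken after libvirt has started.
SAMPLE_DUMP='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_FWO - [0:0]
-A INPUT -j LIBVIRT_INP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j LIBVIRT_FWO
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
COMMIT'

# Show what would be persisted: only the administrator's own rules remain.
printf '%s\n' "$SAMPLE_DUMP" | strip_libvirt_rules
```

On a live system the input would be `iptables-save` (and `ip6tables-save` for IPv6) instead of the sample; diff the filtered output against the current rule file before replacing it.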
Thanks everyone for another interesting and entertaining show
As a Debian user I was a bit surprised too when I first learned there’s no default firewall installed. Thanks for the reminder - need to switch it on after installation as well(!)
Sorry to say, but I don’t trust Big Tech enough to believe them when it comes to privacy. I hope they’re being upfront but I doubt it. I’d rather not take the risk myself.
When I was back at college anything that was networked was very likely to be using Unix (it was about the same time Linus was at college too) and Windows/DOS machines struggled to even access memory outside the basic 640K memory range, if I remember correctly, though I dread to think back… Yes, seeing the Crays “for-real” as it were, sounds pretty exciting!
Zero-AD looks good - and the zero budget requirement suits my pocket too for now - ah well, lots of projects to donate to when able!