Do I need a firewall for my Fedora 38?

I’m new to Linux; I was previously on Windows, where I used Defender + Windows Firewall. Now I’m on Fedora, which also has its own firewall called firewalld. Are those sufficient, or do I need any other solutions for my security?

  • kevincox@lemmy.ml · 5 upvotes · 1 year ago

    Even without any firewall you should be fine by default. Access to ports with no services listening does nothing. Firewalls are just defense-in-depth in case a service that you didn’t want to accidentally listens on a port. It may also slightly reduce kernel attack surface.

    So I would say that you don’t need it. You will be fine. But if you want to be sure about what is listening on your machine then feel free to apply one.

  • moist_towelettes@lemm.ee · 4 upvotes, 1 downvote · 1 year ago

    Unless your computer is exposed directly to the internet, your router’s firewall should be enough. Fedora typically has SELinux and AppArmor enabled by default which should protect from something nasty executing on your machine.

    Don’t execute things as root if you don’t know what it is and you should be fine.

    • Caaaaarrrrlll@lemmy.ml · 2 upvotes · 1 year ago

      Fedora doesn’t use AppArmor, it uses SELinux.

      You normally only use SELinux or AppArmor, not both, since they have the same goal and purpose.

      I would definitely keep firewalld and SELinux installed and enabled on any system unless there’s a good reason not to.

  • LeTak@lemm.ee · 2 upvotes · 1 year ago

    I use portmaster on my fedora instance. I disabled blocking all from LAN and made a custom rule set to allow some devices and block all others.

  • Harry_Houdini@lemmy.dbzer0.com (OP) · 2 upvotes, 2 downvotes · 1 year ago

    Uncomplicated Firewall is easy to set up and understand. It blocks traffic and allows it. Install UFW:

    ```
    sudo apt install ufw
    ```

    My recommended (Chris Titus):

    ```
    # Rate-limit SSH, allow HTTP and HTTPS
    sudo ufw limit 22/tcp
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
    # Default policy: drop inbound, permit outbound
    sudo ufw default deny incoming
    sudo ufw default allow outgoing
    sudo ufw enable
    ```

    Is this enough?

    • zenharbinger@lemmy.world · 3 upvotes · 1 year ago

      This is Fedora; I would stick with firewalld.

      ```
      sudo dnf install firewalld
      sudo systemctl enable --now firewalld
      # The client binary is firewall-cmd; --permanent writes to the saved config
      sudo firewall-cmd --permanent --add-service=ssh
      sudo firewall-cmd --permanent --add-service=https
      sudo firewall-cmd --permanent --add-service=http
      # Restart so the permanent rules become the running rules
      sudo systemctl restart firewalld
      ```

    • NateNate60@lemmy.ml · 1 upvote · 1 year ago

      Yes, it is enough. Generally, the default handling of connections on Linux is enough but having ufw can’t hurt. Certain developer or server software may not work unless you add UFW exceptions for them. They don’t know how to do this on their own.

      By default, without a firewall, any program can communicate through any port it wants as long as it can bind that port. Ports that are special or low-numbered (e.g. TCP port 21 is reserved for FTP) require root to be bound. Otherwise, a program can bind any port that isn’t already in use by something else. All incoming connections to a port that isn’t bound will be refused and the information discarded.

      Edit: Your router also usually has a firewall that is strong enough for most everyday purposes.
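
Added example, not part of any post in this thread: a small shell filter for the point made above about bound ports and knowing what is listening on your machine. It reads `ss -H -tln` output and keeps only the TCP listeners that are not bound to loopback, i.e. the ones a firewall would actually be shielding; the sample input and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Lists TCP listeners that other
# hosts could reach if no firewall sat in front of them.

# Constructed sample of `ss -H -tln` output, not captured from a real host.
sample_ss_output() {
cat <<'EOF'
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      128             [::]:22           [::]:*
LISTEN 0      4096           [::1]:631          [::]:*
LISTEN 0      511                *:8080            *:*
EOF
}

# Reads `ss -H -tln` lines on stdin and prints the local address:port of
# every listener that is NOT bound to a loopback address.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        local_addr = $4
        host = local_addr
        sub(/:[^:]*$/, "", host)   # drop the trailing :port
        sub(/%.*$/, "", host)      # drop interface scope, e.g. 127.0.0.53%lo
        gsub(/\[|\]/, "", host)    # strip IPv6 brackets
        # 127.0.0.0/8 and ::1 are only reachable from this machine
        if (host ~ /^127\./ || host == "::1") next
        print local_addr
    }'
}

# Number of non-loopback listeners in the input.
count_exposed() {
    exposed_listeners | wc -l | tr -d ' '
}

# Live use on a real system:  sh this_script.sh --live
# Compare the result with what the firewall allows:
#   sudo firewall-cmd --list-all
if [ "${1:-}" = "--live" ]; then
    ss -H -tln | exposed_listeners
fi
```

In the constructed sample, the CUPS (631) and local DNS stub (53) sockets are loopback-only and drop out; the two SSH sockets and the wildcard 8080 listener remain.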

  • GustavoM@lemmy.world · 1 upvote, 3 downvotes · 1 year ago

    “That guy” here. I don’t go “further” than setting everything up with firejail and then creating a macvlan port/connection pointing my main IP through it and then removing whatever is in my eth0 port/connection. All that with netctl.

    “Does it work”? Well, whoever tries to scan my IP for open ports with nmap gets a nice and sweet “All ports are closed” message back. So eh… I’ll be fine. :^)