Hi. I wanted to know if it's needed to install a firewall on a linux desktop/laptop. Why yes or why no?

  • tal@lemmy.today
    link
    fedilink
    arrow-up
    12
    arrow-down
    2
    ·
    edit-2
    1 year ago

    No, you don't. But it's also not necessarily a bad idea if it's not going to create issues for you.

    Normally, a software package that wants to talk over IP and only wants to let local software communicate with it can listen only on loopback addresses (like 127.0.0.1). But I have definitely seen software packages that have defaulted to listening to the world (gpsd used to do this by default, for example, which would let anyone in the world who could talk to your machine see precisely where you were). Having a firewall makes the default to be secure – you know that the default is not to be reachable, regardless of what some software author thinks is a good idea.

    Most home systems these days are generally behind a NATting router, which effectively firewalls them against the outside world (though maybe IPv6 will change this), so they can't be directly reached from the outside anyway, unless a user has set up port forwarding on the router, the systems are effectively firewalled anyway, unless an attacker can get inside the network somehow.

    It's one more thing that you're going to have to remember to deal with if you're installing software and troubleshooting network problems. You install software package X and it isn't reachable, you're going to have to figure out how to diagnose problems. As long as this isn't a problem for you…shrugs

    I don't personally run firewalls on my desktops. But I have also, over the years, occasionally checked netstat -ntap and discovered that a service that I thought only listened locally was listening to the world, gpsd probably being the most-flagrant example.

    If I were not behind a router, or if I were forwarding all ports to my system, I would be firewalling my desktop systems.

    On a dedicated server, I'd be less worried, because I'm not normally installing tons of random software on the thing. If you aren't going to firewall it, though, be sure that you've checked to see what is listening on the server.

    • Jagger2097@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      1 year ago

      There is no reason to not leverage a firewall. Plenty of browser based malware can breach your home router and call back out to allow an attacker to explore your network. Windows has included a firewall for over a decade and it's fine. You can with a single command enable Linux's built in firewall and be glad you did the bare minimum of cyber security.

      • sebsch@discuss.tchncs.de
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Windows network layer is a desaster. It is so bad, you could currupt the system with Ping in the past.

        I would not say, you should not have a firewall on a desktop, but saying it's a good idea bc/ windows makes me laugh.

    • wolf@lemmy.zip
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I strongly disagree.

      For example on systems based on Debian (running myself) which simply enables networked services by default running a firewall is a total no brainer. Same is true for literally every Linux distribution with dependency management.

      Especially if someone asks, it is a strong indicator this person should run a firewall.