On 1/15/26 4:40 PM, Randall Rose wrote:
Unfortunately I am in a situation where I need to rebuild some machines with
only a Debian and a Fedora install disk to work from. With Debian, it's hard
to connect to the internet since Debian doesn't like to provide a firewall in
the initial install.
I think this is easier:
* Install the OS without a firewall.
* Get it working.
* Set up the firewall later—if at all.
Linux is quite secure as-is. If you don't install anything that is
listening on any ports, then there is nothing for the firewall to
protect. I don't worry in the least having my laptop on the open
internet because it is listening on no ports. Not even on 22 for ssh.
(On that machine I only ssh out, never ssh in.)
If you do have something listening, choose wisely what is listening,
configure it carefully, and keep your software up-to-date. (Whether you
have a firewall or not.)
But how in heck are you even going to get it /on/ the open internet?
Nearly every connection is going to be behind a NAT which isn't going to
allow incoming packets to reach you anyway.
Do an nmap scan of yourself and see what is listening, and ask why for
each hit. If you don't need it, then get rid of it or configure it to
only listen on localhost.
Then what do you need a firewall for? Okay, if you want it as an extra
layer, configure it. But get your computer working first, make the base
computer secure without a firewall, then add the firewall later. Easier
that way.
-kb
_______________________________________________
Discuss mailing list
[email protected]
https://lists.blu.org/mailman/listinfo/discuss
