On Fri, 16 Jan 2026 23:40:14 -0500 Dan Ritter <[email protected]> wrote:
> Is setting up a firewall ever going to be so generic that a > reasonably high proportion of users will want a one-click > checkbox and be happy with the results? I suppose it depends on > the user population, but I suspect the answer is negative. Not Debian users, anyway. Debian has offered a selection of firewall tool suites for over 20 years. None are installed as a default configuration. I don't see this changing any time soon. File with Arch which has an even more minimalist do-it-yourself philosophy. Contrast with RHEL, SLES and Ubuntu. They each include exactly one firewall tool suite. Different audiences. The RHEL and SLES audiences are enterprise customers who are paying for support and typically need to comply with corporate policies which require OS level firewalls because Microsoft Windows exists and it really does require that firewall. The Ubuntu audience is non-technical users who don't necessarily know what they're doing but maybe they "know" they need "a firewall". Do I use any of these firewall tools myself? Professionally, mostly no. As previously noted, I disable the firewall service on most new RHEL, SLES and Ubuntu machines I deploy. We don't need it. At home I have three always on Debian servers, two physical machines and one VM. No OS level firewalls. They're protected by the OpenWRT firewall at the border. I also have two Arch (CachyOS) machines (formerly Tumbleweed) on which I do have ufw enabled because one of them is a notebook which finds itself on hostile networks and I like to restrict SSH access beyond simple hardening. ufw is active on the other machine for consistent behavior. -- \m/ (--) \m/ _______________________________________________ Discuss mailing list [email protected] https://lists.blu.org/mailman/listinfo/discuss
