
MoonDragon 04-20-2013 12:51 PM

How important is the use of a software firewall in Linux?
If I am a single user, fixed behind a router, using email, the Web and occasional Linux distro downloads through torrents (peer to peer), do I really need to activate a firewall? What threats can I expect and will having a firewall help?
I have looked for answers on this subject and found a variety of opinions on the matter. Can anyone explain this in such a way it could be clear to someone who is new to using Linux? or if there is clear documentation on the matter (readable for those with only a gentleman's knowledge of computers). It's time for the open source community to expand its offerings to the everyday punter, huh? maybe?

ronlau9 04-20-2013 01:00 PM

How important is a firewall in Linux?
Well, how important is it in your house to close the doors and windows?
And what do you mean by a gentleman's knowledge of computers?

goumba 04-20-2013 01:00 PM

I have gone years without using a firewall, under Windows and Linux, and never had any issues. Of course that requires you to be smart about email attachments, the programs you run, etc.

Also my PC is only on when I am using it, it is never idle.

Of course others are going to give different answers which may be suitable.

jens 04-20-2013 01:01 PM

While most routers can be used as firewalls as well, using your system's iptables is usually much easier with more options.

ozar 04-20-2013 01:07 PM


How important is the use of a software firewall in Linux?

My own opinion is that it depends on the user and his/her individual usage habits. There are some users that probably can't install enough security apps to keep them safe because of their carefree attitude while using their computers, while other users might be able to get by with few or no security apps installed.

273 04-20-2013 01:58 PM

To my mind the only value of a personal firewall if you're behind a NAT is to prevent trojans dialing out. Since I've got rkhunter to tell me whether there is anything doing that and I only use software from the repositories, I take my chances without one. It may be that I manage to enter my bank details and a trojan captures them before rkhunter has told me I'm infected, but it's a very slim chance indeed, and if I've a rootkit anyhow, what's to stop it going out over a port opened for something else?

haertig 04-20-2013 02:03 PM


Originally Posted by goumba (Post 4935387)
you to be smart about email attachments, the programs you run, etc.

A firewall won't provide much protection, if any at all, against you opening a malicious email attachment or running a malicious program. You might be able to catch an unexpected outgoing network connection from a malicious program, but by that time it's probably already too late for your system.

IMHO, the best way to help protect yourself is to turn off all network services that you don't need. If they're not running, they aren't being exploited. I recently installed a new Samba release on my computer and subsequently found that it apparently started the smbd service by default. I have no need nor desire for this. But it slipped in there on me and I didn't realize it immediately, thus I had a potential way in to my system for the bad guys. A properly configured firewall could have stopped incoming connection attempts to this smbd service, so firewalls are not useless. And if you have a recent version of the smbd service and YOU HAVE CONFIGURED IT SECURELY you probably wouldn't have had any issue anyway. But you want multiple layers of protection, so if one layer fails, you have a backup layer to save your butt. Any incoming attempts to hit this service would have been blocked at the hardware router level first, so my exposure in unknowingly running smbd for a brief time was really pretty minimal. And since I didn't know it was running, I had not configured it for security. Which is a big oopsie. However, by default it doesn't share things anyway, so it should have been more or less secure-ish. But it was the router layer that actually provided me protection in this case.

There is nothing wrong with running a firewall. Nobody should recommend against it. It's just that it may not provide much actual benefit to you. If you don't have a router running initial interference, yes, I think you should run a firewall. If you do have a router, and know how to use/configure it correctly for security (i.e., no "default host" setting or anything else insane like that), I consider a software firewall on your individual PC somewhat optional. But that's just my personal opinion.
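Added example, not part of haertig's post or anyone else's in this thread: a small shell audit for the situation described above, where a service such as smbd starts listening without the user noticing. It filters `ss -H -tulnp` output down to sockets that are not bound to loopback; the function names and the sample lines are constructed for illustration, and the column layout assumed is that of iproute2's `ss`.

```shell
#!/bin/sh
# exposed_listeners: read `ss -H -tulnp` output on stdin and print one line
# per socket NOT bound to loopback: "<proto> <port> <address> <process>".
# Assumed columns: Netid State Recv-Q Send-Q Local:Port Peer:Port Process
exposed_listeners() {
    awk '
    {
        local_ep = $5
        if (!match(local_ep, /:[^:]*$/)) next    # split at the last colon (IPv6 safe)
        addr = substr(local_ep, 1, RSTART - 1)
        port = substr(local_ep, RSTART + 1)
        sub(/%.*/, "", addr)                     # drop interface suffix such as %lo
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not reachable from the LAN
        proc = "unknown"                         # process names need root for other users
        if (match($0, /\(\("[^"]+"/))
            proc = substr($0, RSTART + 3, RLENGTH - 4)
        print $1, port, addr, proc
    }'
}

# Constructed sample of `ss -H -tulnp` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*    users:(("smbd",pid=1234,fd=31))
tcp   LISTEN 0      128        127.0.0.1:631        0.0.0.0:*    users:(("cupsd",pid=800,fd=7))
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*    users:(("systemd-resolve",pid=500,fd=12))
tcp   LISTEN 0      128             [::]:22            [::]:*    users:(("sshd",pid=900,fd=4))
tcp   LISTEN 0      128            [::1]:631           [::]:*    users:(("cupsd",pid=800,fd=6))
udp   UNCONN 0      0            0.0.0.0:68         0.0.0.0:*    users:(("dhclient",pid=700,fd=6))
EOF
}

# Demo on the constructed sample; on a live system run instead:
#   ss -H -tulnp | exposed_listeners
sample_ss_output | exposed_listeners
```

Anything this prints that you do not recognise or need is a candidate for being stopped and disabled, or for a firewall rule if it has to keep running.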

frankbell 04-20-2013 10:14 PM

I always run a firewall on any computer I attach to the net. It's simply part of practicing safe HEX. Most of them use so few resources as to be unnoticeable in day-to-day usage.

As far as I am concerned, it's like leaving the keys in your car. You can do it 10,000 times and never have a problem. Time 10,001, no car.

A common garden-variety home firewall router acts as a firewall only in that it allows you to close off ports that you don't need and that it masks the IP addresses of your computers.

MoonDragon 04-29-2013 05:56 AM

So many varying answers :p but thanks!
OK, first of all, does having the firewall on result in slower performance, or does it slow down responses over the internet?
On Windows I had one active always, but for some reason (maybe it's just foolish) I have not thought about turning it on. I am behind a NAT router.

chrism01 04-29-2013 07:19 AM

You shouldn't notice any difference in performance.
iptables is pretty lightweight.
