Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 04-20-2013, 12:51 PM   #1
LQ Newbie
Registered: Apr 2013
Posts: 2

Rep: Reputation: Disabled
How important is the use of a software firewall in Linux?

If I am a single user, fixed behind a router, using email, the Web and occassional linux distro dowloads through torrents (peer to peer), do I really need to activate a firewall. WHat threats can I expect and will having a firewall help?
I have looked for answers on this subject and found a variety of opinions on the matter. Can anyone explain this in such a way it could be clear to someone who is new to using Linux? or if there is clear documentation on the matter (readable for those with only a gentleman's knowledge of computers). It's time for the open source community to expand its offerings to the everyday punter, huh? maybe?
Old 04-20-2013, 01:00 PM   #2
Senior Member
Registered: Dec 2007
Location: In front of my LINUX OR MAC BOX
Distribution: Mandriva 2009 X86_64 suse 11.3 X86_64 Centos X86_64 Debian X86_64 Linux MInt 86_64 OS X
Posts: 2,369

Rep: Reputation: Disabled
How important is a firewall in linux ?
Well how important is it in you're house to close the doors and windows ?
And what do you mean by a gentleman's knowledge of computers ?
Old 04-20-2013, 01:00 PM   #3
Senior Member
Registered: Dec 2009
Location: New Jersey, USA
Distribution: Current: Debian and OpenSUSE. Past: Arch, RedHat (pre-RHEL). FreeBSD & OpenBSD novice, Hackintosh
Posts: 1,191
Blog Entries: 7

Rep: Reputation: 335Reputation: 335Reputation: 335Reputation: 335
I have gone years without using a firewall, under Windows and Linux, and never had any issues. Of course that requires you to be smart about email attachments, the programs you run, etc.

Also my PC is only on when I am using it, it is never idle.

Of course others are going to give different answers which may be suitable.
Old 04-20-2013, 01:01 PM   #4
Senior Member
Registered: May 2004
Location: Belgium
Distribution: Debian, Slackware, Fedora
Posts: 1,436

Rep: Reputation: 275Reputation: 275Reputation: 275
While most routers can be used as firewalls as well, using your system's iptables is usually much easier with more options.
Old 04-20-2013, 01:07 PM   #5
Registered: May 2004
Location: USA
Distribution: Arch Linux
Posts: 415

Rep: Reputation: 84
How important is the use of a software firewall in Linux?

My own opinion is that it depends on the user and his/her individual usage habits. There are some users that probably can't install enough security apps to keep them safe because of their carefree attitude while using their computers, while other users might be able to get by with few or no security apps installed.
Old 04-20-2013, 01:58 PM   #6
LQ Addict
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,455

Rep: Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301Reputation: 2301
To my mind the only value of a personal firewall if you're behind a NAT is to prevent trojans dialing out. Since I've got rkhunter to tell me whether there is anything doing that and I only use software from the repositories I take my chances without one. It may be that I manage to enter my bank details and a trojan capture them before rkhunter has told me I'm infected but it's a very slim chance indeed and if I've a rootkit anyhow what's to stop it going out over a port opened for something else?
Old 04-20-2013, 02:03 PM   #7
Senior Member
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,280

Rep: Reputation: 354Reputation: 354Reputation: 354Reputation: 354
Originally Posted by goumba View Post
you to be smart about email attachments, the programs you run, etc.
A firewall won't provide much protection, if any at all, against you opening a malicious email attachment or running a malicious program. You might be able to catch an unexpected outgoing network connection from a malicious program, but by that time it's probably already too late for your system.

IMHO, the best way to help protect yourself is to turn off all network services that you don't need. If they're not running, they aren't being exploited. I recently installed a new Samba release on my computer and subsequently found that it apparently started the smbd service by default. I have no need nor desire for this. But it slipped in there on me and I didn't realize it immediately, thus I had a potential way in to my system for the bad guys. A properly configured firewall could have stopped incoming connection attempts to this smbd service, so firewalls are not useless. And if you have a recent version smbd service and YOU HAVE CONFIGURED IT SECURELY you probably wouldn't have had any issue anyway. But you want multiple layers of protection, so if one layer fails, you have a backup layer to save your butt. Any incoming attempts to hit this service would have been blocked at the hardware router level first, so my exposure in unknowingly running smbd for a brief time was really pretty minimal. And since I didn't know it was running, I had not configured it for security. Which is a big oopsie. However, by default it doesn't share things anyway, so it should have be more or less secure-ish. But it was the router layer that actually provided me protection in this case.

There is nothing wrong with running a firewall. Nobody should recommend against it. It's just that it may not provide much actual benefit to you. If you don't have a router running initial interference, yes, I think you should run a firewall. If you do have a router, and know how to use/configure it correctly for security (i.e., no "default host" setting or anything else insane like that), I consider a software firewall on your individual PC somewhat optional. But that's just my personal opinion.
1 members found this post helpful.
Old 04-20-2013, 10:14 PM   #8
LQ Guru
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 15,767
Blog Entries: 27

Rep: Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629Reputation: 4629
I always run a firewall on any computer I attach to the net. It's simply part of practicing safe HEX. Most of them use so few resources as to be unnoticeable in day-to-day usage.

As far as I am concerned, it's like leaving the keys in your car. You can do it 10,000 times and never have a problem. Time 10,001, no car.

A common garden-variety home firewall router acts as a firewall only in that it allows you to close off ports that you don't need and that it masks the IP addresses of your computers.
Old 04-29-2013, 05:56 AM   #9
LQ Newbie
Registered: Apr 2013
Posts: 2

Original Poster
Rep: Reputation: Disabled
So many varying answers but thanks!
OK, first of all, does having the firewall on result in slower performance. or does it slow down responses over the internet?
On Windows I had one active always, but for some reason (maybe it's just foolish) I have not thought about turning it on. I am behind a nat router.
Old 04-29-2013, 07:19 AM   #10
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.10, Centos 7.5
Posts: 17,697

Rep: Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494Reputation: 2494
You shouldn't notice any difference in performance.
iptables is pretty lightweight.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
=>> Get some important question about linux Software partibha Linux - Software 3 07-25-2008 05:13 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:45 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration