LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 11-15-2021, 04:44 PM   #16
RadicalDreamer
Senior Member
 
Registered: Jul 2016
Location: USA
Distribution: Slackware64-Current
Posts: 1,820

Rep: Reputation: 985

Quote:
Originally Posted by LuckyCyborg View Post
Believe it or not, there are many people who carry their computers with them to various places and they call these particular portable computers with affection "laptops" ...

Should I understand that for you it is unimaginable to use Slackware on a laptop to carry with you?

Considering the "feature" of being sent to RTFM for a firewall, well... uh, I tend to agree with you.
They can RTFM or they can go to Slackbuilds and install one of the following firewalls before they head off with their laptop in hand: https://slackbuilds.org/result/?search=firewall&sv=14.2

The argument I would use for a firewall to be included in Slackware would be this: People in some countries do not have ISPs that provide a modem and a router with a firewall to their customers, nor do they have home internet, or any secure location to install Slackware, so a firewall out of the box would be extremely helpful to these users. I don't know the validity of this statement but this is the angle I'd go with along with a proposal for an inclusion of a vetted firewall. I think arno-iptables-firewall would be great. The user has to run the script, do some rudimentary setup, and the source is less than 200 kb in size. Then after figuring all that out, I'd bring out the big puppy dog eyes and argue my case before Slackware's BDFL!

Last edited by RadicalDreamer; 11-15-2021 at 05:06 PM.
 
1 members found this post helpful.
Old 11-15-2021, 04:53 PM   #17
LuckyCyborg
Senior Member
 
Registered: Mar 2010
Posts: 3,581

Rep: Reputation: 3449
Quote:
Originally Posted by RadicalDreamer View Post
Then after figuring all that out, I'd bring out the big puppy dog eyes and argue my case before Slackware's BDFL!
That's exactly what I've tried to do, buddy!

But I ended up with all the pit bulls from the neighborhood running after my sorry arse...

Last edited by LuckyCyborg; 11-15-2021 at 05:02 PM.
 
3 members found this post helpful.
Old 11-15-2021, 05:03 PM   #18
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,754

Rep: Reputation: Disabled
Quote:
Originally Posted by FlinchX View Post
At the risk of sounding cranky, may I ask what's a "generic" firewall script?
Been thinking about this too, and I don't think it's possible to find a middle ground here.
At first I figured it was about a generic rule set, which is kinda like proposing a generic rifle: there's no way it'd have sufficient range, or arc, or rate of fire.
The stuff I've seen so far is more about a framework for setting dynamic iptables rules, so to put it mildly, more automation to wrap around iptables and/or nftables.
This'll bring complexity for no reason, and also redundancy. If such a daemon were auto-started on a system already using iptables, it'd flush local rules.
Because of the above, I don't think it'll make writing rules any easier. It'd just change the format of a rule set.
It might make rule set management easier, but there's the cost of increased complexity and possibility of failure where there was none.

Last edited by elcore; 11-15-2021 at 05:05 PM.
 
1 members found this post helpful.
Old 11-15-2021, 05:04 PM   #19
RadicalDreamer
Senior Member
 
Registered: Jul 2016
Location: USA
Distribution: Slackware64-Current
Posts: 1,820

Rep: Reputation: 985
Quote:
Originally Posted by LuckyCyborg View Post
That's exactly what I've tried to do, buddy!

But I ended up with all the pit bulls from the neighborhood running after my sorry arse...
There will probably be resistance to something that is set up, ready to go, and feels intrusive. I think arno-iptables-firewall would have a better chance because it doesn't do anything unless you run the script and finish setting it up, but I'm no network security guru and I am using Slackware as a desktop, so I'm not certain how good this firewall that has been maintained for ~2 decades is. The source is less than 200 kb. It has no dependencies and installing the package doesn't do anything by itself. You have to run the scripts and set it up so I don't see what the problem would be in having it in Slackware.
 
1 members found this post helpful.
Old 11-15-2021, 05:16 PM   #20
LuckyCyborg
Senior Member
 
Registered: Mar 2010
Posts: 3,581

Rep: Reputation: 3449
Quote:
Originally Posted by RadicalDreamer View Post
There will probably be resistance to something that is set up, ready to go, and feels intrusive.
Neither is firewalld intrusive, BTW...

It's a firewall daemon with presets and capable of talking over DBUS. Our NetworkManager and Plasma5 already have support for its integration and in the end it's just a daemon started with /etc/rc.d/rc.firewalld .

You do not want it? Just blacklist this particular package and uninstall it, then you can iptables this and that, and even that, AS YOU LIKE.

Regarding it being "already setup, ready to go" I confess: I'm guilty!

Last edited by LuckyCyborg; 11-15-2021 at 05:34 PM.
 
Old 11-15-2021, 05:27 PM   #21
LuckyCyborg
Senior Member
 
Registered: Mar 2010
Posts: 3,581

Rep: Reputation: 3449
Quote:
Originally Posted by elcore View Post
Been thinking about this too, and I don't think it's possible to find a middle ground here.
Yep, a Generic Firewall would probably be useful for newbs or regular users. Seems like you forgot the days when you were a newb too...

Quote:
Originally Posted by elcore View Post
At first I figured it was about a generic rule set, which is kinda like proposing a generic rifle: there's no way it'd have sufficient range, or arc, or rate of fire.
The stuff I've seen so far is more about a framework for setting dynamic iptables rules, so to put it mildly, more automation to wrap around iptables and/or nftables.
This'll bring complexity for no reason, and also redundancy. If such a daemon were auto-started on a system already using iptables, it'd flush local rules.
Because of the above, I don't think it'll make writing rules any easier. It'd just change the format of a rule set.
It might make rule set management easier, but there's the cost of increased complexity and possibility of failure where there was none.
What "increased complexity" is a 0644 chmoded /etc/rc.d/rc.firewall as discussed by those guys on this thread?

Eventually, it could be put in a separate package for your pleasure to blacklist it and to come as /etc/rc.d/rc.firewall.new to never override your precious hand-made tailored firewall.

Everything else is some nice FUD. Well, unless we talk also about a NetworkManager integration - but big bad guys like you do not use it, right?

Last edited by LuckyCyborg; 11-15-2021 at 05:34 PM.
 
Old 11-15-2021, 06:30 PM   #22
RadicalDreamer
Senior Member
 
Registered: Jul 2016
Location: USA
Distribution: Slackware64-Current
Posts: 1,820

Rep: Reputation: 985
Quote:
Originally Posted by LuckyCyborg View Post
Neither is firewalld intrusive, BTW...

It's a firewall daemon with presets and capable of talking over DBUS. Our NetworkManager and Plasma5 already have support for its integration and in the end it's just a daemon started with /etc/rc.d/rc.firewalld .

You do not want it? Just blacklist this particular package and uninstall it, then you can iptables this and that, and even that, AS YOU LIKE.

Regarding it being "already setup, ready to go" I confess: I'm guilty!
It has required dependencies that need to be added. Detractors would say go to Slackbuilds and install it for yourself. Why is firewalld better than other firewall offerings?
 
Old 11-15-2021, 11:37 PM   #23
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,754

Rep: Reputation: Disabled
Quote:
Originally Posted by LuckyCyborg View Post
Yep, a Generic Firewall would probably be useful for newbs or regular users. Seems like you forgot the days when you were a newb too...
That is not true, it's just that the toolkit was much simpler when I started looking into it.
So I'm used to the idea of doing everything by hand, while you on the other hand seem to rely on automation.
How do you fix broken automation if you're not able to fix it by hand, do you rely on the bot author to fix breakage caused by misconfigured bot?

Quote:
Originally Posted by LuckyCyborg View Post
What "increased complexity" is a 0644 chmoded /etc/rc.d/rc.firewall as discussed by those guys on this thread?
It's not, I thought we're talking here about re-inventing firewalld, because that is what you originally requested.
If this was all about requesting a rc script you could've just said so at the start, there's plenty of rc scripts around.

Quote:
Originally Posted by LuckyCyborg View Post
Eventually, it could be put in a separate package for your pleasure to blacklist it
No worries, I don't use slackpkg blacklist to deny a package, but a slackpkg template to accept a package.
And you're right about NetworkManager, there is no such thing here.
 
1 members found this post helpful.
Old 11-16-2021, 06:50 AM   #24
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,918

Rep: Reputation: 5035
I think people are getting bogged down in the weeds with this one.

Rather than set up the firewall rules in rc.firewall, IMO rc.firewall should just run:
iptables-restore /var/lib/iptables/rules
ip6tables-restore /var/lib/iptables/rules6

Leave the admin to populate those rulesets themselves, or if you want to be helpful, perhaps expand the netconfig dialog to present the admin with a choice of some of the more commonly used rulesets when it is run.

As others have pointed out, rulesets are a very personal/site-specific thing. You're not going to find one ruleset that appeases everyone.
 
2 members found this post helpful.
Old 11-16-2021, 07:30 AM   #25
LuckyCyborg
Senior Member
 
Registered: Mar 2010
Posts: 3,581

Rep: Reputation: 3449
Quote:
Originally Posted by GazL View Post
I think people are getting bogged down in the weeds with this one.

Rather than set up the firewall rules in rc.firewall, IMO rc.firewall should just run:
iptables-restore /var/lib/iptables/rules
ip6tables-restore /var/lib/iptables/rules6

Leave the admin to populate those rulesets themselves, or if you want to be helpful, perhaps expand the netconfig dialog to present the admin with a choice of some of the more commonly used rulesets when it is run.

As others have pointed out, rulesets are a very personal/site-specific thing. You're not going to find one ruleset that appeases everyone.
Admin? What admin, GazL?

People today want to watch movies on Youtube, chat on Facebook, and read news. And mainly to watch porn, according to the statistics.

Nope, someone who installs Linux on his computer is not instantly an admin, and many years may pass until he has a vague idea 'bout how to do admin things. And 99,99% of them do not care about those iptables thingies.

This elitist attitude of "admin to do that and this and that" and making the Slackware usage like following a University is in my humble opinion the main cause of this ever shrinking of the Slackware community.

People just want to securely watch their favorite porn, not to mess with your "rulesets" buddy!

PS. Some friends of mine say: Slackware is a very nice Linux distribution, where you can even do anything you can do on Ubuntu, and it's only a thousand times harder to learn it.

This is how many people look at Slackware today. I wonder why?

Last edited by LuckyCyborg; 11-16-2021 at 07:58 AM.
 
1 members found this post helpful.
Old 11-16-2021, 07:46 AM   #26
marav
LQ Sage
 
Registered: Sep 2018
Location: Gironde
Distribution: Slackware
Posts: 5,434

Rep: Reputation: 4180
My

As long as you are in a local network, and you are not directly connected to the internet (yes, I know it means the same thing),
standard users don't need a firewall.

Last edited by marav; 11-16-2021 at 07:48 AM.
 
1 members found this post helpful.
Old 11-16-2021, 08:01 AM   #27
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,382

Rep: Reputation: 2761
GazL forgot to put a smiley in that post demonstrating another personal twist.
Scripts can do more than set up rulesets. They can also output information when run and contain comments on what a rule does.

Quote:
People just want to securely watch their favorite porn
Good luck with that.

Quote:
PS. Some friends of mine say: Slackware is a very nice Linux distribution, where you can even do anything you can do on Ubuntu, and it's only a thousand times harder to learn it.
Open the pod bay doors HAL
 
Old 11-16-2021, 09:11 AM   #28
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,382

Rep: Reputation: 2761
Quote:
As long as you are in a local network, and you are not directly connected to the internet (yes, I know it means the same thing),
standard users don't need a firewall.
Security is built in layers.
You may be behind an ISP-provided modem/router, but the device may have a flaw. There have been real world examples. Do a web search for 'modem exploit' and 'modem exploit brazil'.
The possibility of wifi password leakage is very real. A friend comes to visit, you hand over the wifi password so they can use their phone, then the phone goes missing.
Silly mistakes can happen. You open a port on the modem/router to experiment, then fail to close it. Try that with port 443 and see how long it takes for a bot to sniff it (inside 30 seconds in my experience).
I agree that standard users don't _need_ a firewall, but it does not hurt.

Last edited by allend; 11-16-2021 at 09:29 AM.
 
Old 11-16-2021, 09:32 AM   #29
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,918

Rep: Reputation: 5035
Quote:
Originally Posted by LuckyCyborg View Post
Admin? What admin, GazL?

People today want to watch movies on Youtube, chat on Facebook, and read news. And mainly to watch porn, according to the statistics.
*shrug* Then they should use a no-maintenance device like an android tablet or chromebook.
 
Old 11-16-2021, 11:07 AM   #30
SCerovec
Senior Member
 
Registered: Oct 2006
Location: Cp6uja
Distribution: Slackware on x86 and arm
Posts: 2,479
Blog Entries: 2

Rep: Reputation: 985
I feel like a ministry of defense meeting with several arms dealers - gentlemen we seem to be:
1. overly enjoying challenging each other intellectually
2. defending each one's own "added complexity layer" against one quite simple additional complexity layer (intentionally avoiding to call it "trivial complexity layer")
3. forgetting the basic thing:

Out of the box Slackware is quite resilient and safe even without a running firewall as long as it is set up per the installer defaults and advice:
short of an ssh service there is no open port and your browser is one supposedly open source and secure browser updated in a timely manner (heavy sigh towards vivaldi and ungoogled chromium (very very much Kudos to AlienBOB)).

So from the start, a typical Slackware system out of the box isn't quite a disaster waiting to happen really as far as I could tell.

That aside, a default firewall, accepting only --state ESTABLISHED,RELATED connections would only bolster the otherwise flawless track record - we're not fighting to save a sinking ship really.

Yes, a default firewall is that simple - no fancy services, no special ifs, caveats or unfathomable exotic circumstances or unforeseeable dangers!

And by all means I really like that Network Manager wrapper, (@GazL) my bad I meant @allend, pardon my french but I'm off to steal it shamelessly right away!

Gentlemen?

Last edited by SCerovec; 11-16-2021 at 03:13 PM. Reason: bad user mention
 
2 members found this post helpful.
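Added example (editorial, not written by any poster in this thread and not Slackware's own script): a sketch of the rc.firewall GazL describes, which only restores /var/lib/iptables/rules and rules6, seeded with the ESTABLISHED,RELATED default SCerovec describes. The function names, the RULES_DIR override and the seeding step are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: rc.firewall-style loader. Paths follow GazL's post;
# function names and RULES_DIR are hypothetical.
RULES_DIR="${RULES_DIR:-/var/lib/iptables}"

# Emit a default-deny inbound ruleset in iptables-save format. $1 = 4 or 6.
default_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # "-m conntrack --ctstate" is the current form of "-m state --state"
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    if [ "$1" = 6 ]; then
        # IPv6 needs ICMPv6 (neighbour discovery) or the link stops working
        echo '-A INPUT -p ipv6-icmp -j ACCEPT'
    fi
    echo 'COMMIT'
}

# Seed a ruleset only when the admin has not written one; an existing
# file is never overwritten. $1 = file, $2 = 4 or 6.
seed_rules() {
    [ -e "$1" ] && return 0
    mkdir -p "$(dirname "$1")" && ( umask 077; default_rules "$2" > "$1" )
}

# Parse-check the file first so a typo cannot replace working live rules,
# then load it. $1 = restore command, $2 = ruleset file.
load_rules() {
    [ -r "$2" ] || { echo "rc.firewall: $2 missing" >&2; return 1; }
    "$1" --test < "$2" || {
        echo "rc.firewall: $2 rejected, live rules left untouched" >&2
        return 1
    }
    "$1" < "$2"
}

case "${1:-}" in
start)
    seed_rules "$RULES_DIR/rules" 4
    seed_rules "$RULES_DIR/rules6" 6
    load_rules iptables-restore "$RULES_DIR/rules"
    load_rules ip6tables-restore "$RULES_DIR/rules6"
    ;;
esac
```

Run as root with `start`; without an argument the script only defines its functions and changes nothing.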
  


All times are GMT -5.