Hi. I wanted to know if it’s needed to install a firewall on a linux desktop/laptop. Why yes or why no?
If your computer is connected to a network, I don’t see any downside of enabling a firewall. It’s a good security layer to have and costs basically no resources to keep running.
I guess a downside is having to fiddle with it, allowing stuff you want to get through. Sometimes it blocks stuff you don’t want blocked
I’d rather have to open up stuff my self then have an uninvited visitor doing it without me knowing about it.
If you are only at home you don’t need it because the router already has a firewall. But if you’re is using public WiFi definitely use it.
It depends on how much do you trust your router.
Some home routers have poor security: unfrequent updates, http (not https) web consoles, single factor authentication (password only, without username for instance).
Enabling your firewall is the bare minimum, costs nothing and it’s a good security practice.
Sure that is true but if you’re getting it from the ISP and it’s that bad, you need to change ISP.
Plus, ALWAYS get into the router and set a new password. Always. And go over all the settings to be sure. As you say, a shit ISP may have lax security.
You should bring your own hardware wherever possible. I’d never trust my local network to the ISP.
you need to change ISP.
You say that like its easy. It usually isn’t.
It usually isn’t too hard to insert your own router into your network setup. You might have to battle with ISP support a bit though, but a ton support either Bridge Mode or IP Passthrough.
You most likely already have one installed, but not enabled. It doesn’t harm anything (maybe you need to allow traffic to ssh or other configuration, but after that you’re all set) and it’s a layer of protection, specially if you need to move between networks (public wifi etc).
There is no reason not having a firewall
Yes, because while I trust my device, I do not trust the Chromecast or the WAP to not be an asshole and fuck with things.
You shouldn’t trust your device. Modern software is insanely complicated, even netbsd had an rce.
Trust may be the worng word as Windows will be Windows but I know that no one is going to zero day my devices because I am not that high value of a target.
