 DistroWatch Weekly |
| Tip Jar |
If you've enjoyed this week's issue of DistroWatch Weekly, please consider sending us a tip.
(Tips this week: 1, value: US$23.49) |
|
|
|
 bc1qtede6f7adcce4kjpgx0e5j68wwgtdxrek2qvc4  86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le |
|
| Linux Foundation Training |
|
| Reader Comments • Jump to last comment |
1 • no firewall on pc (by pappito on 2021-12-06 03:18:31 GMT from Australia)
handled at router level
should I be using one?
2 • Opensnitch (by anon on 2021-12-06 03:51:53 GMT from Venezuela)
Great tool! I wasn't aware such tools existed for linux.
3 • The Book Review (by Andy Figueroa on 2021-12-06 04:54:38 GMT from United States)
Looking at the sample chapter, which includes the table of contents, the book appears to be superficial. Back in the mid to late 1980s I was seriously in need of "book" to learn *nix text processing. My Unix system administrator suggested I get "Unix Primer Plus" by the Waite Group. This book (I have both the 1st and 2nd editions) laid the foundation by which I somewhat mastered the art of extreme text processing. The 3rd edition (recommended) is frequently available used via Amazon at the more or less $10 US price-point. I would buy it myself but I'm over that hump now.
Everything I learned in "Unix Primer Plus" is applicable to the same skills in Linux. I still frequently use it as a reference. I have a small library of Unix and Linux books, and this is the best of the bunch if you want to learn how to use cat, more, less, grep, awk, cut, paste, sed, search, sort, etc.
Just beware of sites that let you read this on-line with a "free" trial membership. There are numerous bait-and-switch sites for read on-line/download of books.
4 • Firewall (by Sam Crawford on 2021-12-06 05:05:21 GMT from United States)
I run UFW on my 3 debian based computers. I configure it both with GUFW and the command line. I open ports for Transmission, BOINC distributed computing and for VueScan, a scanner program.
Windows 11 uses the default Microsoft Defender firewall and anti-virus. My network uses Untangle, a commercial firewall.
Knock on wood, everything seems to be working OK as I haven't had any issues (that I'm aware of).
5 • Firewall (by harpia on 2021-12-06 05:13:02 GMT from Brazil)
Firewall on an OpenWrt router.
If you have ipv6, be extra careful. Unlike ipv4, it has no NAT. A firewall is the only way to block incoming traffic.
Some consumer-level routers block all incoming ipv6 traffic by default; some do not block anything. Go check yours.
6 • Qubes OS + Suricata (by Ro0t on 2021-12-06 07:01:34 GMT from Germany)
I use Qubes OS plus Suricata in IPS mode. Hardware firewall I do not have.
7 • Firewall (by Kazlu on 2021-12-06 09:15:02 GMT from France)
I am using ufw because it's standard and included on my distribution. I added a couple of custom rules and then forgot about it, which is what I want. The idea behind OpenSnitch is very interesting and I would like to see it more widely adopted in the future, but I do not have time to experiment with it myself considering the firewall job is already handled and I have no problem with it.
8 • Firewall (by DachshundMan on 2021-12-06 09:37:53 GMT from United Kingdom)
Like @7, I also use UFW on all my Linux computers as it is included in the distros. Generally I use the default setting of Incoming:deny, Outgoing:allow.
I also like the idea of OpenSnitch. It would be good to have the feature where the appropriate rules are added when software is installed on the machine. The corporate software I used to install before retiring did this on Windows although I did have to enable to appropriate version of the rule (domain or public/private) afterwards.
9 • OpenSnitch firewall (by Simon Plaistowe on 2021-12-06 11:30:52 GMT from New Zealand)
Well I wasn't using a firewall on my laptop because I wanted a process blocking one and could never find one. Thanks to the mention of OpenSnitch in last week's DW Weekly, I've now been using it for the past week (Linux Mint). Bloody brilliant, just what I've wanted all these years!
10 • Firewall (by Tim on 2021-12-06 12:29:57 GMT from United States)
I run nftables on Arch Linux and Fedora Linux.
11 • Open Snitch (by crayola-eater on 2021-12-06 13:17:12 GMT from United States)
After you mentioned it last week, I kept trying to remember the old Windows firewall I used that had the same MO, and this week you named it - Zone Alarm. That was the cat's meow when it first hit the scene (even had a very capable free version). Not so much after it got sold to whichever big player wanted to cut out the competition.
I liked how it tracked outgoing calls, and gave you the oportunity to say no to the phone home tendancy.
So at last I now have something to bring back what I consider the real way to handle things smartly (or at least after I get off my keister and actually get it installed and settled in).
Thanks Jesse for a great lead.
12 • OpenSnitch (by Jay on 2021-12-06 13:40:52 GMT from Poland)
I've been aware of OpenSnitch for some time, but let my attention lapse. (Life happens.) Thanks for the reminder of a worthy security application, Jesse. I'll be using it to augment my nf/iptables firewall.
13 • Firewall? Don't talk to me about a firewall. (by Bob McConnell on 2021-12-06 13:56:42 GMT from United States)
You missed an option in your poll. I don't use local firewalls on my servers or workstations, as there are too many to keep up. I do have a dual-port PC running OPNsense between my networks and the ISP. I can block known troublemakers there. Yes, networkS! I have both a G-bit Ethernet backbone and a dual band WiFi router running full time. The backbone supports three NAS boxes totaling 11 TB of storage, four workstations, an Apache/Nextcloud server, an entertainment server, a PostgreSQL server and three Raspberry Pi. All but one of those and the Pi are running Slackware64. The WD MyCloud is FreeBSD. The WiFi supports my wife's laptop and BlueRay player, a Wii, a Playstation, all-in-one printer, two phones and five tablets. It gets real busy when the grandchildren visit. Oh, yes; IPv6 is disabled on the firewall. I see no need for the excessive overhead at this time, and I trust NAT much more.
14 • Firewall Not Needed (by Rick on 2021-12-06 14:02:19 GMT from United States)
After using Ubuntu since 2006, I went full-time with Linux in 2011 because of Windows viruses and trojans which often destroyed my OS. Since then I've had absolutely no need for an
anti-virus or firewall on any of my 5 Thinkpads.
15 • firewall (by VE on 2021-12-06 16:42:00 GMT from United States)
A firewall sits between the local network and the internet. I've never understood the point of device level firewalls.
16 • Firewalls (by Robert on 2021-12-06 16:57:27 GMT from United States)
I did set up a port firewall on my Arch desktop, though I can't recall if it was iptables or nftables.
I used an application firewall on windows for a short time, but I found it very annoying being constantly interrupted to grant permission to this or that thing. I might try opensnitch though, because hopefully the Linux ecosystem will be better behaved and therefore less bothersome to deal with the interruptions.
17 • opensnitch (by a on 2021-12-06 19:22:46 GMT from France)
OpenSnitch seems great, I wanted to have such a tool a long time ago.
Nowadays I probably won’t bother as I got used to living without a firewall.
18 • Never used firewalls (by ostro on 2021-12-06 21:18:16 GMT from Poland)
I never used firewalls in any of my Linux boxes for last 17 years. And, since Windows 10, none of the Windows boxes either..
19 • OpenSnitch (by nobody on 2021-12-07 08:30:24 GMT from Finland)
I mentioned opesnitch on the comments for issue 940. Glad to see it get more attention.
Unfortunately it's not available in most repos yet but hopefully that changes when the project matures a bit.
The process locking and decision making being done with eBPF is also a bit unfortunate for those that would like to disable it for security reasons. Maybe this won't be the issue if in the future eBPF payloads can be signed and verified.
20 • Firewalls (by penguinx86 on 2021-12-07 09:44:31 GMT from United States)
I don't use a firewall on my Linux laptop at home. But my desktop computer at work has the built in Microsoft firewalls, our office has a local area network firewall, which goes through a remote corporate firewall. Funny how my 2ghz dual core i3 laptop with Linux on wifi runs SO MUCH FASTER than my 3ghz quad core i5 Windows computer on gigabit ethernet at work.
21 • Opensnitch (by hulondalo on 2021-12-07 11:19:30 GMT from Australia)
great article, thanks.
this is the reason i read distrowatch. like waydroid in the previous issue, saved me a lot of troubles and time. been wanting to try it but since xfce didn't support wayland so i thought it might be time to switch to kde but after reading DW review i think i'll stick to xfce and android x86 on qemu until xfce supports wayland and waydroid matures :) thanks.
apparently this is a brave new world, many ppl don't wanna firewall anymore or r their using adblock or host files?
22 • Firewall (by Matthew Evan on 2021-12-08 01:51:46 GMT from United States)
Definently have a firewall over things like your SSH and samba ports when you're in public, I suppose when you're on a NAT you are generally okay but it's never too safe if you got a router with proprietary firmware and a bad track record.
23 • firewells (by firewally on 2021-12-08 08:25:40 GMT from France)
* Agree with @16 that firewall alarms become annoying. Many warnings are over anonymous small apps running from the Temp folder. This can be legit when installing a larger app - or it can be malware. After a while you get the small Temp app warnings all the time - indicating malware infection. It would be interesting to see if Opensnitch is any better.
* PC's have controls that don't necessarily cut all wireless access - OS settings, key combos, or even removing the wireless module (because the NIC is still on the motherboard). This renders firewalls not very useful against hackers who target wireless hardware. Only BIOS deactivation or kill switches shut off the wireless completely. Hence the rise of Open Source hardware to provide better control over computers.
* Security ppl tell us that the TOR network is anonymous and encrypted, and so is safe. But it has now been found that bad actors have controlled thousands of Tor server nodes over the last few years. This deanonymises ppl on the network to track their surfing - and maybe even find personal details and hack computers. They were able to register the servers without providing contact details.
So there are hackers lacing websites and apps with malware, large groups fighting for control over Internet servers and networks - and you're at home with your dodgy computer, trusty OS, and whiz-bang firewall. Good luck with that.
24 • firewalls (by Tad Strange on 2021-12-08 17:55:27 GMT from Canada)
Not much to comment on this week. On a private LAN I see no point in device level firewalls - they belong at the gateway.
Maybe if you're always sitting on a public wifi in a coffee shop or something, but even those services are usually running some form of client isolation.
25 • Firewalls (by None of the above on 2021-12-09 12:21:35 GMT from Germany)
This was a great article about OpenSnitch. I could not take your survey because none of the answers matched what I do. I use IPTABLES and block IP ranges. I went years without any firewall on my home server and I was always worried, but it was probably unnecessary. If you only run safe software that is properly configured and keep everything updated you greatly reduce your risks.
Do you need to block ports? The port is only open by some software you are running. Do you need to block processes? Same answer. What is interesting about OpenSnitch is that it can help you figure out if your software is misbehaving. This would more likely be outbound traffic instead of inbound.
I do check my logs for bad actors and then ban them. I hope to reduce the chances of them actually succeeding in the future if there is some new exploit by just blocking them completely.
26 • No Opensnitch install files for my Linux Mint MATE 20.2 (by ROC on 2021-12-10 03:53:06 GMT from United States)
375-Lnx:~$ sudo dpkg -i opensnitch*.deb python3-opensnitch-ui*deb
[sudo] password for [me]:
dpkg: error: cannot access archive 'opensnitch*.deb': No such file or directory
[me]@Dell--Lnx:~$ sudo dpkg -i opensnitch*.deb python3-opensnitch-ui*deb
dpkg: error: cannot access archive 'opensnitch*.deb': No such file or directory
Copy/pasted from your article, Jesse, with above results (after running latest updates).
27 • opensnitch installation on opensuse (by Jack on 2021-12-10 09:58:15 GMT from Australia)
I tried to install opensnitch daemon and user interface packages on vanilla leap 15.3 vanilla but the installation process kept failing due to prerequisite packages. I kept going by reading the error messages, figuring out what packages were missing, installing one more package and ended up the list below:
libnetfilter_queue1
python3-inotify
python3-pyinotify
python3-qt5
python3-grpcio
python3-grpcio-gcp
python3-grpc-google-iam-v1
python3-python-slugify
Needless to say,, some of the the packages were also dependent on other packages which zypper installed automatically. When I finally got opensnitch working, there were more than 60 new packages added to the system!
28 • Installing OpenSnitch (by Jesse on 2021-12-10 14:58:43 GMT from Canada)
@26: "Copy/pasted from your article, Jesse, with above results (after running latest updates)."
It looks like you didn't follow the previous step which is to first download the opensnitch.deb packages. You need to do that before you try to install them.
Number of Comments: 28
Display mode: DWW Only • Comments Only • Both DWW and Comments
| | |
| TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite
Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
| Archives |
| • Issue 1037 (2023-09-18): Bodhi Linux 7.0.0, finding specific distros and unified package managemnt, Zevenet replaced by two new forks, openSUSE introduces Slowroll branch, Fedora considering dropping Plasma X11 session |
| • Issue 1036 (2023-09-11): SDesk 2023.08.12, hiding command line passwords, openSUSE shares contributor survery results, Ubuntu plans seamless disk encryption, GNOME 45 to break extension compatibility |
| • Issue 1035 (2023-09-04): Debian GNU/Hurd 2023, PCLinuxOS 2023.07, do home users need a firewall, AlmaLinux introduces new repositories, Rocky Linux commits to RHEL compatibility, NetBSD machine runs unattended for nine years, Armbian runs wallpaper contest |
| • Issue 1034 (2023-08-28): Void 20230628, types of memory usage, FreeBSD receives port of Linux NVIDIA driver, Fedora plans improved theme handling for Qt applications, Canonical's plans for Ubuntu |
| • Issue 1033 (2023-08-21): MiniOS 20230606, system user accounts, how Red Hat clones are moving forward, Haiku improves WINE performance, Debian turns 30 |
| • Issue 1032 (2023-08-14): MX Linux 23, positioning new windows on the desktop, Linux Containers adopts LXD fork, Oracle, SUSE, and CIQ form OpenELA |
| • Issue 1031 (2023-08-07): Peppermint OS 2023-07-01, preventing a file from being changed, Asahi Linux partners with Fedora, Linux Mint plans new releases |
| • Issue 1030 (2023-07-31): Solus 4.4, Linux Mint 21.2, Debian introduces RISC-V support, Ubuntu patches custom kernel bugs, FreeBSD imports OpenSSL 3 |
| • Issue 1029 (2023-07-24): Running Murena on the Fairphone 4, Flatpak vs Snap sandboxing technologies, Redox OS plans to borrow Linux drivers to expand hardware support, Debian updates Bookworm media |
| • Issue 1028 (2023-07-17): KDE Connect; Oracle, SUSE, and AlmaLinux repsond to Red Hat's source code policy change, KaOS issues media fix, Slackware turns 30; security and immutable distributions |
| • Issue 1027 (2023-07-10): Crystal Linux 2023-03-16, StartOS (embassyOS 0.3.4.2), changing options on a mounted filesystem, Murena launches Fairphone 4 in North America, Fedora debates telemetry for desktop team |
| • Issue 1026 (2023-07-03): Kumander Linux 1.0, Red Hat changing its approach to sharing source code, TrueNAS offers SMB Multichannel, Zorin OS introduces upgrade utility |
| • Issue 1025 (2023-06-26): KaOS with Plasma 6, information which can leak from desktop environments, Red Hat closes door on sharing RHEL source code, SUSE introduces new security features |
| • Issue 1024 (2023-06-19): Debian 12, a safer way to use dd, Debian releases GNU/Hurd 2023, Ubuntu 22.10 nears its end of life, FreeBSD turns 30 |
| • Issue 1023 (2023-06-12): openSUSE 15.5 Leap, the differences between independent distributions, openSUSE lengthens Leap life, Murena offers new phone for North America |
| • Issue 1022 (2023-06-05): GetFreeOS 2023.05.01, Slint 15.0-3, Liya N4Si, cleaning up crowded directories, Ubuntu plans Snap-based variant, Red Hat dropping LireOffice RPM packages |
| • Issue 1021 (2023-05-29): rlxos GNU/Linux, colours in command line output, an overview of Void's unique features, how to use awk, Microsoft publishes a Linux distro |
| • Issue 1020 (2023-05-22): UBports 20.04, finding another machine's IP address, finding distros with a specific kernel, Debian prepares for Bookworm |
| • Issue 1019 (2023-05-15): Rhino Linux (Beta), checking which applications reply on a package, NethServer reborn, System76 improving application responsiveness |
| • Issue 1018 (2023-05-08): Fedora 38, finding relevant manual pages, merging audio files, Fedora plans new immutable edition, Mint works to fix Secure Boot issues |
| • Issue 1017 (2023-05-01): Xubuntu 23.04, Debian elects Project Leaders and updates media, systemd to speed up restarts, Guix System offering ground-up source builds, where package managers install files |
| • Issue 1016 (2023-04-24): Qubes OS 4.1.2, tracking bandwidth usage, Solus resuming development, FreeBSD publishes status report, KaOS offers preview of Plasma 6 |
| • Issue 1015 (2023-04-17): Manjaro Linux 22.0, Trisquel GNU/Linux 11.0, Arch Linux powering PINE64 tablets, Ubuntu offering live patching on HWE kernels, gaining compression on ex4 |
| • Issue 1014 (2023-04-10): Quick looks at carbonOS, LibreELEC, and Kodi, Mint polishes themes, Fedora rolls out more encryption plans, elementary OS improves sideloading experience |
| • Issue 1013 (2023-04-03): Alpine Linux 3.17.2, printing manual pages, Ubuntu Cinnamon becomes official flavour, Endeavour OS plans for new installer, HardenedBSD plans for outage |
| • Issue 1012 (2023-03-27): siduction 22.1.1, protecting privacy from proprietary applications, GNOME team shares new features, Canonical updates Ubuntu 20.04, politics and the Linux kernel |
| • Issue 1011 (2023-03-20): Serpent OS, Security Onion 2.3, Gentoo Live, replacing the scp utility, openSUSE sees surge in downloads, Debian runs elction with one candidate |
| • Issue 1010 (2023-03-13): blendOS 2023.01.26, keeping track of which files a package installs, improved network widget coming to elementary OS, Vanilla OS changes its base distro |
| • Issue 1009 (2023-03-06): Nemo Mobile and the PinePhone, matching the performance of one distro on another, Linux Mint adds performance boosts and security, custom Ubuntu and Debian builds through Cubic |
| • Issue 1008 (2023-02-27): elementary OS 7.0, the benefits of boot environments, Purism offers lapdock for Librem 5, Ubuntu community flavours directed to drop Flatpak support for Snap |
| • Issue 1007 (2023-02-20): helloSystem 0.8.0, underrated distributions, Solus team working to repair their website, SUSE testing Micro edition, Canonical publishes real-time edition of Ubuntu 22.04 |
| • Issue 1006 (2023-02-13): Playing music with UBports on a PinePhone, quick command line and shell scripting questions, Fedora expands third-party software support, Vanilla OS adds Nix package support |
| • Issue 1005 (2023-02-06): NuTyX 22.12.0 running CDE, user identification numbers, Pop!_OS shares COSMIC progress, Mint makes keyboard and mouse options more accessible |
| • Issue 1004 (2023-01-30): OpenMandriva ROME, checking the health of a disk, Debian adopting OpenSnitch, FreeBSD publishes status report |
| • Issue 1003 (2023-01-23): risiOS 37, mixing package types, Fedora seeks installer feedback, Sparky offers easier persistence with USB writer |
| • Issue 1002 (2023-01-16): Vanilla OS 22.10, Nobara Project 37, verifying torrent downloads, Haiku improvements, HAMMER2 being ports to NetBSD |
| • Issue 1001 (2023-01-09): Arch Linux, Ubuntu tests new system installer, porting KDE software to OpenBSD, verifying files copied properly |
| • Issue 1000 (2023-01-02): Our favourite projects of all time, Fedora trying out unified kernel images and trying to speed up shutdowns, Slackware tests new kernel, detecting what is taking up disk space |
| • Issue 999 (2022-12-19): Favourite distributions of 2022, Fedora plans Budgie spin, UBports releasing security patches for 16.04, Haiku working on new ports |
| • Issue 998 (2022-12-12): OpenBSD 7.2, Asahi Linux enages video hardware acceleration on Apple ARM computers, Manjaro drops proprietary codecs from Mesa package |
| • Issue 997 (2022-12-05): CachyOS 221023 and AgarimOS, working with filenames which contain special characters, elementary OS team fixes delta updates, new features coming to Xfce |
| • Issue 996 (2022-11-28): Void 20221001, remotely shutting down a machine, complex aliases, Fedora tests new web-based installer, Refox OS running on real hardware |
| • Issue 995 (2022-11-21): Fedora 37, swap files vs swap partitions, Unity running on Arch, UBports seeks testers, Murena adds support for more devices |
| • Issue 994 (2022-11-14): Redcore Linux 2201, changing the terminal font size, Fedora plans Phosh spin, openSUSE publishes on-line manual pages, disabling Snap auto-updates |
| • Issue 993 (2022-11-07): Static Linux, working with just a kernel, Mint streamlines Flatpak management, updates coming to elementary OS |
| • Issue 992 (2022-10-31): Lubuntu 22.10, setting permissions on home directories, Linux may drop i486, Fedora delays next version for OpenSSL bug |
| • Issue 991 (2022-10-24): XeroLinux 2022.09, learning who ran sudo, exploring firewall tools, Rolling Rhino Remix gets a fresh start, Fedora plans to revamp live media |
| • Issue 990 (2022-10-17): ravynOS 0.4.0, Lion Linux 3.0, accessing low numbered network ports, Pop!_OS makes progress on COSMIC, Murena launches new phone |
| • Issue 989 (2022-10-10): Ubuntu Unity, kernel bug causes issues with Intel cards, Canonical offers free Ubuntu Pro subscriptions, customizing the command line prompt |
| • Issue 988 (2022-10-03): SpiralLinux 11.220628, finding distros for older equipment and other purposes, SUSE begins releasing ALP prototypes, Debian votes on non-free firmware in installer |
| • Issue 987 (2022-09-26): openSUSE's MicroOS, converting people to using Linux, pfSense updates base system and PHP, Python 2 dropped from Arch |
| • Issue 986 (2022-09-19): Porteus 5.0, remotely wiping a hard drive, a new software centre for Ubuntu, Proxmox offers offline updates |
| • Issue 985 (2022-09-12): Garuda Linux, using root versus sudo, UBports on the Fairphone 4, Slackware reverses change to grep |
| • Full list of all issues |
| Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
| Shells.com |
Your own personal Linux computer in the cloud, available on any device. Supported operating systems include Android, Debian, Fedora, KDE neon, Kubuntu, Linux Mint, Manjaro and Ubuntu, ready in minutes.
Starting at US$4.95 per month, 7-day money-back guarantee
|
| Random Distribution | 
Athene Operating System
Athene was a commercial operating system developed by Rocklyte Systems for use in the home and office. Athene combines years of Rocklyte's R&D with the latest Linux technology to create one of the fastest operating systems available today. With boot times as fast as four seconds and advanced graphics technology not available in standard Linux distributions, Athene may be the best low-cost alternative to Windows for your computer desktop.
Status: Discontinued
|
| TUXEDO |
TUXEDO Computers - Linux Hardware in a tailor made suite
Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
|
| Star Labs |
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.
|
|
• 
• 
• 
• 
• 
• 
• 
