Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Help with firewalls

  1. #1
    Join Date
    Jun 2008
    Location
    USA
    Posts
    1,128

    Default Help with firewalls

    I think I'm asking a philosophical question. Do I need a firewall and if so, what kind?

    I'm a home user with a pc, a laptop, an ipad and a cell phone. All of these go through my router to get to the internet. From time to time, I use a vpn. My connections to the outside world are for surfing and email. I don't create many files, but along with photos, I upload them to the cloud.

    Should I put a firewall on the router? Is opensuse's built-in firewall a solution for each device individually? I've looked at the "manual" but don't understand the details well enough to make decisions about what to add where. How does the vpn enter into the equation?

    What are you doing with regard to firewalls?
    Any sufficiently advanced technology is indistinguishable from magic. - Arthur C. Clarke

  2. #2
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,403

    Default Re: Help with firewalls

    As with so many things this is a personal decision.

    Personaly I have no firewalls running on the systems in the house (I trust the users). The router has firewall functionality and protects the LAN from the world outside. This implies that I can configure the router including it's firewall, NAT, etc. functions. I am not sure if that is the case with all routers offered by ISPs.

    OTOH, when you have an environment with e.g. students, I would certainly go for more security. against attacks from within the LAN.
    Henk van Velden

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,499
    Blog Entries
    2

    Default Re: Help with firewalls

    A philosophical question deserves a literary answer...

    "To firewall or not to firewall... That is the question..."

    And, "need" may need to be defined.
    Perhaps start with some basics... As the name implies, a "firewall" is a kind of wall, but what kind of wall?
    It can be thought of as a security layer between your vulnerable machine and potential attacks by bad actors by way of networking.
    This security layer is configurable to allow permitted traffic and block traffic that isn't.
    There are also many kinds of firewalls that can block traffic in different ways, the iptables based firewall you find on openSUSE is just one type... There are also application layer firewalls, port-based firewalls, proxy firewalls... and as you've noticed they can be installed on each individual machine (Host based firewalls) and at critical points of entry into your network like on your Internet Gateway Router.
    No one absolutely "needs" to run a firewall, but it's generally advisable and as part of a "security in depth" strategy where an intruder must successfully traverse multiple safeguards before an attack might be successful.
    Security is also a subjective issue where every person (or entity) makes an individual decision on how much and how to implement security... It doesn't matter if you are a home User, if you're protecting something extremely sensitive, valuable or irreplaceable it makes sense to commit more money and resources for better security.

    VPNs extend the security you typically have set up in your LAN to other machine(s) across untrusted networks like the dangerous Internet.
    So, for example if you were traveling and away from home but suddenly needed something on another machine at home, a VPN would enable you to connect to your home network from wherever you are in a secure way.
    There are other reasons why some use VPNs, too.

    Nowadays,
    Nearly everyone will run a Host-based firewall with varying configuration wherever your machine is connected to a network... Your machine might be set up very permissively at home where your other machines should be protected from Internet threats... But if your machine is a laptop and you connect to a public WiFi hotspot, then you'll want your firewall configured in a very untrusting mode, denying everything that's unexpected.

    HTH,
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  4. #4
    Join Date
    Jun 2008
    Location
    USA
    Posts
    1,128

    Default Re: Help with firewalls

    Thanks for the responses. I see that this question requires deep thought and may have multiple correct answers.
    Any sufficiently advanced technology is indistinguishable from magic. - Arthur C. Clarke

  5. #5
    Join Date
    Jan 2014
    Location
    Erlangen
    Posts
    1,134

    Default Re: Help with firewalls

    Quote Originally Posted by hcvv View Post
    Personaly I have no firewalls running on the systems in the house (I trust the users).
    Sure. But can you trust their appliances? A considerable percentage is hacked without their users even knowing.
    AMD Athlon 4850e (2009), openSUSE 13.1, KDE 4, Intel i3-4130 (2014), i7-6700K (2016), i5-8250U (2018), openSUSE Tumbleweed, KDE Plasma 5

  6. #6
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,403

    Default Re: Help with firewalls

    Quote Originally Posted by karlmistelberger View Post
    Sure. But can you trust their appliances? A considerable percentage is hacked without their users even knowing.
    As I use the same openSUSE provided applications on my own system, there would be no need for them to go through a firewall .
    Henk van Velden

  7. #7

    Default Re: Help with firewalls

    Hi, local lan is not what it used to be. Now it is the same hostile place as the wide internet, but more dangerous, because people trust it. Never do that, because you never know what flaws or backdoors have all the smartphones, smart bulbs, cameras, etc, whatever is or eventually can be connected to your lan. So you should use firewall for sure and avoid using trust zones.

  8. #8
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,403

    Default Re: Help with firewalls

    Manage the LAN. I know what is connected to it and I allow or not what can be connevted to it.

    But I agree, when you have your LAN open the the world, using a firewall in it's original meaning (on the border of the LAN) is quite useless and having a (what is often called "personla") firewall on every device is needed.

    Everyone to her/his needs.
    Henk van Velden

  9. #9

    Default Re: Help with firewalls

    And that is the problem, you can never know what is connected to your lan. With mitigations and all those intel ME backdoors (cough cough bugs) you cannot even trust your own system It's yesterdays news, but still quite fresh.

  10. #10
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    27,254
    Blog Entries
    15

    Default Re: Help with firewalls

    Quote Originally Posted by pruda View Post
    And that is the problem, you can never know what is connected to your lan. With mitigations and all those intel ME backdoors (cough cough bugs) you cannot even trust your own system It's yesterdays news, but still quite fresh.
    Hi
    Is there some trick to getting intel windows applications/drivers running under linux? Plus don't see my Xeon E3-1245 V2 mentioned.... I don't run a firewall on my desktop machine, laptops I do and they are AMD gpu/cpu...
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •