[Discuss] Trying to connect to internet in Debian

[richard.pieri at gmail.com (Rich Pieri)]

On Fri, 16 Jan 2026 23:40:14 -0500
Dan Ritter <dsr at randomstring.org> wrote:

> Is setting up a firewall ever going to be so generic that a
> reasonably high proportion of users will want a one-click
> checkbox and be happy with the results? I suppose it depends on
> the user population, but I suspect the answer is negative.

Not Debian users, anyway. Debian has offered a selection of firewall
tool suites for over 20 years. None are installed as a default
configuration. I don't see this changing any time soon. File with Arch
which has an even more minimalist do-it-yourself philosophy.

Contrast with RHEL, SLES and Ubuntu. They each include exactly one
firewall tool suite. Different audiences. The RHEL and SLES audiences
are enterprise customers who are paying for support and typically need
to comply with corporate policies which require OS level firewalls
because Microsoft Windows exists and it really does require that
firewall. The Ubuntu audience is non-technical users who don't
necessarily know what they're doing but maybe they "know" they need "a
firewall".

Do I use any of these firewall tools myself?

Professionally, mostly no. As previously noted, I disable the firewall
service on most new RHEL, SLES and Ubuntu machines I deploy. We don't
need it.

At home I have three always on Debian servers, two physical machines and
one VM. No OS level firewalls. They're protected by the OpenWRT
firewall at the border. I also have two Arch (CachyOS) machines
(formerly Tumbleweed) on which I do have ufw enabled because one of
them is a notebook which finds itself on hostile networks and I like to
restrict SSH access beyond simple hardening. ufw is active on the other
machine for consistent behavior.

-- 
\m/ (--) \m/