[Discuss] Trying to connect to internet in Debian

Kent Borg kentborg at borg.org
Fri Jan 16 18:16:20 EST 2026


You have a clear preference for a firewall:

> The context is that I simply do not want to connect a machine to the internet without a firewall -- ever.  Regardless of how secure Linux may be in the abstract, I believe zero-days exist for Linux, and I prefer the extra security that a firewall provides.

And that is up to you. (I have plenty of opinions and priorities that 
others don't need to share.) And I do hate it when I ask a technical 
question and the answers I get back are "Why do you want to do that?" 
and "Don't.". I am sorry to have been in that camp.

Go ahead and put on a firewall, I'm not qualified to help, so I should 
maybe stay quiet.


On 1/16/26 2:07 PM, Randall Rose wrote:
> Most of my criticism of Debian still stands. […] From my perspective, if a distro is used by naive users and it sometimes installs things out-of-the-box that may have security vulnerabilities which a firewall could help with, then its installer should offer a checkbox for installing a firewall with reasonable settings that's already up and running on first boot.

But that extremely short-duration quiet ends because I think you are 
making an unfair complaint against Debian.

It is very reasonable to make a technical argument that a firewall 
simply isn't needed in a basic install of Debian, yet it is significant 
complexity to get wrong, and once a firewall is in place it can be a 
further source of confusion, and that confusion creates security vulnerabilities.

Certainly one can customize an installation in such a way that a 
firewall makes very good sense, and install a firewall. Both of 
those are up to you.

But a complex extra layer, that is hard to configure, being installed by 
default when not needed, seems a mistake.


A practical path is still:

1. Do a basic install, with no services listening to the network, and so 
nothing for a firewall to protect.

2. Get the computer configured and actually working, on your network, 
able to get updates and install new stuff from the internet. Still 
nothing for a firewall to protect.

3. Install a firewall and get it working, even though there is still 
nothing to protect.

4. Finally do further customizations, including installing anything 
(iffy or not) that listens to the network, and might need protection; 
revisiting the details of #3 as necessary.


Now if you have problems in #3 and #4, those problems are pretty isolated 
to #3 and #4; you started with a working machine and presumably revert 
to your previous configuration.


-kb, the Kent who thinks decades of firewalls have hurt security by 
giving users a false sense of security and giving legions of programmers 
a gigantic excuse for doing crappy work.
