Cyber security enthusiast/ pen tester who loves Linux and teaching how to keep people safe online. Also a Linux advocate and open source GNU/Linux supporter.
Knows python, rust, C++ C# and java (unfortunately)
I know all this already. But I also use arch and have been for the last 6+ years and I use ufw lol
The main one everybody uses at least from my knowledge and from what I’ve used over the last 13 years is UFW. That is what you want to use.
A firewall is very important not just for being on public Wi-Fi connections. A firewall is your extra layer of protection
I don’t know what Distro you run. But it’s almost the same for each one
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-20-04
UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.
Using IPv6
sudo nano /etc/default/ufw
That command should come back with this
IPV6=yes
Save and close the file. Now, when UFW is enabled, it will be configured to write both IPv4 and IPv6 firewall rules. However, before enabling UFW, we will want to ensure that your firewall is configured to allow you to connect via SSH. Let’s start with setting the default policies.
Setting up default policies
sudo ufw default deny incoming sudo ufw default allow outgoing
These commands set the defaults to deny incoming and allow outgoing connections. These firewall defaults alone might suffice for a personal computer, but servers typically need to respond to incoming requests from outside users. We’ll look into that next.
To configure your server to allow incoming SSH connections, you can use this command:
sudo ufw allow ssh
This will create firewall rules that will allow all connections on port 22, which is the port that the SSH daemon listens on by default. UFW knows what port allow ssh means because it’s listed as a service in the /etc/services file.
However, we can actually write the equivalent rule by specifying the port instead of the service name. For example, this command works the same as the one above:
sudo ufw allow 22
If you configured your SSH daemon to use a different port, you will have to specify the appropriate port. For example, if your SSH server is listening on port 2222, you can use this command to allow connections on that port:
sudo ufw allow 2222
To enable UFW, use this command:
sudo ufw enable
There are way more viruses written for windows than there is for Linux
Linux users find viruses and they report them and then everyone works on a fix for it and it gets patched as soon as possible. This is why open sourced code is good.
Windows takes forever to fix or patch viruses most of the time they probably dont even care.
Everything virus related or even bug related gets patched almost immediately under Linux
Also… Everything you install on Linux is pre compiled and ore configured inside a package manager and these packages get checked constantly for bugs and viruses. Theres almost no need to install anything on Linux from websites that could be compromised
Out of the 13 years I have been using Linux I haven’t Once caught a virus but I also study malware and write malware so I also understand it more on a deep level.
But honestly it’s very hard to catch a virus on Linux
What don’t you completely understand about Linux firewall? I don’t mind helping you learn
ClamAV is really only used to check for cross virus contamination. It’s a tool that checks for windows malware inside of Linux.
Linux doesn’t need any malware software. The way Linux runs and works is already way more secure in itself, almost everything you’ll ever download is pre compiled intro software repositories that are checked constantly.
The only way you’ll catch a virus on Linux is being dumb and clicking ads or downloading something from untrusted sources like websites that could be fake but look real.
Oh yeah that’s right. I totally forgot ooensuse does that 😆 been a long time since I’ve used it.
I’m on Arch myself. Been a Linux user for 15 years I love it
Thanks for reminding me
Tumbleweed is rolling release so just make sure you snapshot your system once before an update and once after just Incase something goes wrong
Pop OS is based off of Ubuntu so I mean makes sense.
https://github.com/arindas/manjarno
https://www.hadet.dev/Manjaro-Bad/
Manjaro also has a “rolling release” model that isn’t actually fully rolling release. They hold back packages for a few weeks which in return has almost always destroyed the AUR for not only manjaro users but Arch users.
They lie about it being fully rolling. Not just that they have forgotten to sign their signature keys multiple times before releasing big updates.
Sure it’s an easier Arch for “beginners” but I’d say it’s easier to just install arch on a VM if you really want to learn and use arch that bad a VM is the best way.
Pure Arch is better than Manjaro. Hell I hate Ubuntu but I’d rather use that over Manjaro
Oh this looks very clean! Great work and love arch