On 3/20/21 11:11 AM, Carlos E. R. wrote:
On 2021-03-19 at 23:09 -0500, David C. Rankin wrote:
...
Gustav,
I've always liked iptables and managing the rules directly. For example, here is a reasonably helpful page.
https://www.digitalocean.com/community/tutorials/iptables-essentials-common-...
The reason I prefer managing the rules directly is that it eliminates the question of whether the front-end you are using is actually doing what you think you are telling it to do.
I always found it took about equal time to either look up how to do something in iptables directly or to mess with a firewall front-end and figure out what it thinks a zone is and if this zone is really being applied in the way I think it is.
Don't get me wrong, I'm not against front-ends and openSUSE has done a good job with firewalld (shorewall before that, etc...), but if you use more than one distribution, you may have to learn multiple front-ends.
What openSUSE did was use the in-house SuSEfirewall2, not firewalld nor shorewall ;-)
The documentation for firewalld is reasonably good:
Those are the basic pros/cons as I see it. Whichever you use, it just takes time (like anything else) to wade through the documentation and examples to the point where you are comfortable with what it is doing and how to configure it for your needs.
If you like using iptables, you should consider using nftables instead. I'm told it is easier to use and more powerful. And modern.
-- Cheers, Carlos E. R. (from openSUSE 15.2 x86_64 at Telcontar)
Thank you David and Carlos and all those that replied earlier. Sorry for the late reply, got pulled away by some personal things. Once I understood that I had to make sure my router was blocking incoming ssh, then the firewall became a lower priority. But the recommendation to learn iptables or nftables sounds really good. As you say, reading the documentation and getting comfortable with it is really the key - and for Linux in general also.
Best regards, Gustav.