On 27/02/2019 12.12, Anton Aylward wrote:
Yes there were certainly a number of systems that wrapped Shorewall into a very nice application for a dedicated box. I was never enamoured with the idea of 'personal firewall' on each machine, since I'm a bit old school and agreed that the 'firewall as the networks response to poor host security', the quote some guru or other.
But that was then, this is now; many individuals at their workstations are either idiot or had a passing bout of idiocy that opened them to an attack. They too need to be either isolated or given a 'personal firewall'.
Then, too, there are the 'single machines on the net', users.
So not I think differently. Professionally. But here I have a number of layers before getting to my host, and a lot of my processing isn't done on my host.
Remember that in a today's house there are a lot of gadgets with Internet connectivity that we don't control fully. Say, the fridge.
Have you looked at https://software.opensuse.org/package/gufw
My setup is not simple. My desktop firewall opens certain ports to only certain IPs, so that a visitor would not get automatic access. I don't see that feature in firewalld. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)