• ohshit604@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    8 hours ago

    OpenSnitch is a nice for the desktop environment, deny by default and prompts the user when an application requests a open port, at first the prompts can get a little overwhelming given how many things want to connect to xyz server but eventually lightens up.

    • prenatal_confusion@feddit.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      27 minutes ago

      I really dont like the idea that a program on my local os doing things I don’t want it to do and the only thing stopping it is a software firewall.

      If you don’t trust the platform then you shouldn’t be using it. No bandaid like antivirus or firewall can help with that.

    • Jason2357@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      3
      ·
      7 hours ago

      Its a little annoying on Linux but I wonder what it would be like on Windows.

      • ohshit604@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        2 hours ago

        The firewall is annoying? I would argue and say the firewall is protecting your computer from connecting to a rouge server, annoying or not it’s better than some douche abusing an exploit in your system.

        • lemonuri@infosec.pub
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 hours ago

          Simplewall works great, it’s open source. And yes, there are a couple of million requests made by windows apps alone, which are completely fine to block. Simplewall also blocks windows telemetry. I have to use win11 at work and it’s an absolute ahitstorm of network requests that you don’t get to see when using windows firewall.

          Glaswire looks beautiful and functions well, but you will hit the paywall after a couple of weeks (I used this on the around 2010 I think)

  • hypna@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    8
    ·
    8 hours ago

    These firewall tools are interesting, but I honestly haven’t needed them in years. The premise is a little out of date. Who puts cloud servers on the open internet these days? Everything I see uses a public load balancer and a WAF service.

    • 0x0@infosec.pub
      link
      fedilink
      English
      arrow-up
      17
      ·
      8 hours ago

      Sure, but what if youve configured your waf or w/e incorrectly, what if someone gains access to another part of your network? Having sane firewall settings is always better than none at all.

      • hypna@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        1
        ·
        8 hours ago

        All the cloud services I’ve used had virtual network firewalls for internal traffic. Security Groups for AWS, Cloud Firewall for GCP, etc. That’s typically how lateral traffic gets managed. Defense in depth is good, but as I said I haven’t used host firewalls in forever, and we get audited for security certificates every year, and no auditor has asked about them that I recall.

    • Jason2357@lemmy.ca
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      7 hours ago

      A lot of people host websites created with a static site generator just fine without that extra layer. Unless your site has expensive to generate dynamic pages, lots of video content, or deep changelog pages (wiki history or forge commit diff’s publicly available), it makes a lot of sense to keep it simple.

      Putting everything behind Cloudflare is just cargo cult behaviour and learning all the ins and outs of it isnt any harder than learning a firewall (which is transferrable knowledge that can also protect your machines from each other).

    • eleijeep@piefed.social
      link
      fedilink
      English
      arrow-up
      6
      ·
      8 hours ago

      If you’re trying to be cost-effective, renting a VPS for a fixed term instead of using a IaaS platform that provides all these things just by clicking a checkbox, then caring about your firewall is a necessary part of building the system image that you deploy. You can of course set up your own private networking between systems and build the same type of architecture that a IaaS would provide, but to do that you’re going to need to understand everything about linux networking and netfilter already.

      • hypna@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        8 hours ago

        Maybe that’s the context. All of my cloud hosting work is very large corporate systems in the big three clouds. You’re talking about Hostinger or Scalahosting type services, yes?