I’m trying to open a port for transmission but before I get to know either of the 2 options I’d like to know what you recommend and why.
OS is xubuntu 24.04
if you use docker, docker ignores ufw rules
deleted by creator
Thx for the correction
It’ll also ignore the default firewalld rules. IIRC it uses the
internal
zone insteadGood to know, thx
I like firewalld. Its also used on many enterprise distros (RHEL, SLES).
But if you just have to open one port for something, just use what’s installed on your distro.
deleted by creator
Firewalld had, at least last time I checked, way more capabilities than UFW. Both are fine at being basic firewalls, but I don’t think you can build a router using just UFW.
Firewalld allows some pretty advanced rules. I use it to redirect a bunch of web requests going to a certain address over a local ssh tunnel.
deleted by creator
How often are you going to be managing ports?
Just use any tool you like, all they do is fiddle with the Kernel’s filter table.
@merompetehla UFW and firewalld provide a higher level of control, which means that they are quicker to learn, easier for simple tasks but harder to use in more granular levels. Their setup is translated into iptables rules at the end. With Iptables or its successor Nftables, you’ll need to invest a bit more time to learn but have a more granular level of control at the end. I hope this helps.
You could use it together with opensnitch
IMO firewalld because it’s going to be more portable knowledge.
OS is xubuntu 24.04
Ubuntu defaults to ufw. That, by itself, justifies the use of ufw in your case.
I found firewalld had so many options that it was a bit overwhelming at first, especially understanding how zones were actually meant to be used, and how each zone had a default handover for the unhandled traffic. But OpenSUSE has a GUI for it so I was able to make sense of it. UFW seemed pretty user friendly and atraight forward.
Network Filter Tables (NFT) is the current system. https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
I like iptables + opensnitch