Dan Ritter wrote: > After install you have a powerful L3 firewall system available to > you, but not configured to block anything. > > There are two command-line interfaces to it, iptables and > nftables. nftables is the newer interface, but iptables has more > documentation written. > > You also have options to install other interfaces to the system.
I've been struggling with those for years and tried many tools ... at the end I ended up with shorewall. While most of the tools target a single host - perhaps desktop or notebook computer. I also needed flexibility and simplicity configuring a firewall with 3 interfaces (DMZ, intranet and internet). I must admit that shorewall beat it all. So while some distros like RedHat offer active firewall per default, Debian gives you the choice what system you will choose to manage the firewall. It is matter of philosophy and I allow to speak for some of the users here, that we really appreciate this philosophy of choice. I don't know about Ubuntu, I would expect it would have a preconfigured firewall and some kind of Gnome interface to it. regards
