Gentoo Forums
Networking & Security
Do I need a firewall anymore?
don quixada (l33t)
Joined: 15 May 2003
Posts: 790
PostPosted: Thu Feb 02, 2023 3:11 pm    Post subject: Do I need a firewall anymore?

Hi folks, I've had a firewall on my Linux machine ever since, more than 20 years ago, my RedHat box connected via dial-up was hacked. Since then, I now have a much more sophisticated LAN including a dd-wrt-based router with a built-in firewall. Lately I've been having trouble communicating with other machines on my LAN. I've found that if I turn off my firewall on my Gentoo box things work smoothly. This got me thinking: since I already have a firewall on my router, do I even need a firewall on my local Gentoo box anymore? I have no concerns about security within my own LAN (i.e., no one in my household will be trying to hack the Gentoo machine). My router's firewall is pretty locked down and only select ports are open, and there is DDOS prevention turned on along with other security measures.

Is there anything else I should be considering before I disable my firewall (shorewall) permanently?
eccerr0r (Watchman)
Joined: 01 Jul 2004
Posts: 9679
Location: almost Mile High in the USA
PostPosted: Thu Feb 02, 2023 4:39 pm

Technically you don't need a firewall; it's solely to minimize your attack profile in case you have bad software (mostly services, but if you have a proxy firewall, also against bad client software) on your side of the network. If you're vigilant about updates, this should mostly be sufficient.

I don't believe I've been hacked ever since I was on my own network (i.e. nobody that's not myself able to packet sniff my network); however, I've been probed for exploits in httpd and other stuff. I haven't run a firewall on my main server for years, mostly because of that: it does interfere with, or at least makes it harder to do, remote access.

Up to you. None of my internal network machines are firewalled against each other, but they are behind NAT (except my guest wifi network, which is firewalled away), and it has been like that for years, and things have been going hunky dory...

... Then again who knows, maybe I have been hacked again and just don't know it... at minimum I don't believe I'm a command control center (nearly static ip is valuable for that); my network speed is so poor these days that hackers would have little to no value in my machines.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
pietinger (Moderator)
Joined: 17 Oct 2006
Posts: 4152
Location: Bavaria
PostPosted: Thu Feb 02, 2023 6:45 pm

don quixada,

IMHO a firewall is only one piece in a chain of security solutions. Do you use other pieces also? (SELinux or AppArmor, IMA, hardened Kernel, ...)

As @eccerr0r mentioned before, a firewall CAN TRY to protect you against outgoing traffic from "bad" client software, but you have to watch the log-files. Example: If you allow HTTPS to every server in the internet, an "evil" software can use this open hole also. You will need an additional proxy server and you must check the log-files. Without this, filtering outgoing traffic is ... senseless ... ;-)

(I don't speak about incoming traffic; here a firewall in your router is sufficient; only paranoid people - like me - want an additional personal firewall on each client ...)
Goverp (Advocate)
Joined: 07 Mar 2007
Posts: 2008
PostPosted: Fri Feb 03, 2023 11:09 am    Post subject: Re: Do I need a firewall anymore?

don quixada wrote:
...
My router's firewall is pretty locked down and only select ports are open and there is DDOS prevention turned-on along with other security measures.
...

Can you trust your router's software? Mine hasn't had a firmware refresh available for several years - like most such boxes, the manufacturers forget about them after a couple of upgrades.
_________________
Greybeard
pa4wdh (l33t)
Joined: 16 Dec 2005
Posts: 812
PostPosted: Sat Feb 04, 2023 8:54 am

Quote:
I've found that if I turn off my firewall on my Gentoo box things work smoothly. This got me thinking, since I already have a firewall on my router, do I even need a firewall on my local Gentoo box anymore? I have no concerns about security within my own LAN (i.e., no one in my household will be trying to hack the Gentoo machine)

It depends on whether you can trust all the other machines on your LAN. Others in your household trying to hack is just one thing. If you also have a server that is reachable via the internet, the server might get hacked and used as a method to get to your LAN.
On the other side, a lot of software these days downloads random stuff from the internet and executes it on your machine. Think about installation instructions like curl <some url> | bash, or "package managers" like pip or npm, or systems like docker where complete OS images and applications are downloaded and started without any verification, or, of course, Rust crates, which download random code from the internet and insert it into projects at compile time. Do you trust all those?
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
NeddySeagoon (Administrator)
Joined: 05 Jul 2003
Posts: 54237
Location: 56N 3W
PostPosted: Sat Feb 04, 2023 10:46 am

don quixada,

My firewall mostly stops untrusted devices phoning home.
Think Android, Smart TVs, Windows and so on. It also keeps the trusted (Gentoo) devices separate from the Untrusted devices.

A firewall is about making it difficult for nasty things to get in, but that's covered by not running services you don't need and keeping the things you do need up to date.
It also helps limit the damage that nasty things can do if they get in. That's assuming that your firewall is paranoid:
everything is denied except things that are explicitly permitted, in both directions.

It's only one line of defence though. noexec,nodev,nosetuid on /home and /tmp helps deny the nasties anywhere to execute things.

A firewall is only one layer of the security onion.
You need to determine if it has a place in your threat mitigation model.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
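An nftables ruleset for the Gentoo box that puts NeddySeagoon's "everything is denied except things that are explicitly permitted, in both directions" into practice, keeps the LAN traffic the OP found blocked open, and logs the outbound HTTPS hole pietinger describes so the log-files can actually be watched. This is an added example, not code from the thread or from any poster; the interface name, LAN subnet, router address and the set of permitted services are assumed values chosen for illustration.

```nft
# Added example, not from the thread. Assumed (constructed) values: LAN
# interface eth0, LAN subnet 192.168.1.0/24, router/DNS at 192.168.1.1,
# SSH is the only service the Gentoo box offers.
flush ruleset

table inet host {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # ICMP/ICMPv6 are needed for path MTU discovery and neighbour discovery
        meta l4proto { icmp, icmpv6 } accept
        # LAN peers may reach SSH; anything else from the LAN is logged, then dropped
        iifname "eth0" ip saddr 192.168.1.0/24 tcp dport 22 accept
        iifname "eth0" ip saddr 192.168.1.0/24 limit rate 5/minute log prefix "lan-in-drop: "
    }

    chain forward {
        # the box is not a router, so never forward
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # egress is default-deny as well: "bad" client software can only
        # phone home through the holes listed here
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oif "lo" accept
        meta l4proto { icmp, icmpv6 } accept
        # unrestricted towards the LAN (the traffic the OP found blocked)
        oifname "eth0" ip daddr 192.168.1.0/24 accept
        # DNS only to the router; NTP and rsync (emerge --sync) anywhere
        ip daddr 192.168.1.1 udp dport 53 accept
        ip daddr 192.168.1.1 tcp dport 53 accept
        udp dport 123 accept
        tcp dport 873 accept
        # HTTP/HTTPS to anywhere is the open hole pietinger describes,
        # so every new connection is logged for later review
        tcp dport { 80, 443 } ct state new limit rate 30/minute log prefix "egress-new: "
        tcp dport { 80, 443 } accept
        # everything else is logged and falls through to the drop policy
        limit rate 5/minute log prefix "egress-drop: "
    }
}
```

Load it with `nft -f` on the file and check the result with `nft list ruleset`; dropped and newly logged connections then appear in the kernel log under the `lan-in-drop:`, `egress-new:` and `egress-drop:` prefixes, which is the part pietinger says you must actually read for egress filtering to be worth anything.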