I’m considering switching to EOS on my main pc but I’ve never used arch before so there’s some stuff I don’t understand:
- On debian I use a hook so whenever dpkg is invoked I create a btrfs snapshot with timeshift. So if I break something I have a fresh snapshot from a second before instead of having to do it by hand or using scheduled snapshots. How can I do that on arch? Would it work for AUR too or only pacman?
- Why does EOS install a firewall by default? I’ve never seen that anywhere else. Is there a specific arch vulnerability that makes it necessary? Would I be ok if I just uncheck it on the installer? My network is secure and it’s a desktop pc that would never connect to a public wifi. I know it can’t hurt but having to setup firewall rules reminds me of windows.
Everything is under your control, if you don’t wish it then you can uncheck the box.
For more detailed understanding of it, see the following link :
You can do the same thing. You can write a hook yourself or just install
timeshift-autosnap from the AUR.
AUR packages are still installed by pacman so it is possible to do it for AUR packages as well.
It is possible but it isn’t a great idea from a security perspective.
The idea that having network firewall in place means you don’t need a local firewall is fundamentally flawed unless you have only a single device on your network.
I saw that post. But it assumes a firewall is necessary at all, which is confusing to me. Maybe it is for arch? e.g. what if arch opens ports that are closed by default on debian? so I think I don’t need a firewall but I do.
It has nothing to do with Arch. Running a local firewall on Debian is just as important as running one on Arch.
That being said, if you don’t want to run one, you don’t have to. It is entirely your choice.
It is not mandatory, but it is being provided from some security point of view.
@dalto nailed it quickly !!
Firewalld applet is simple even for new users. We need to only select zones which are as simple as “Home” or “Block”. That’s what I did when it was made available for first time !
timeshift-autosnap seems like what I’m looking for. Thanks!
I guess I’ll have to do more research on firewalls