Would like to dump FirewallD for UFW

New user here. Been luxuriating in this distro 2 weeks now with intentions to stay. Not a hopper. Your documentation is so good I really haven’t had any hurdles. All this neither here nor there, let me get to my point.

Is this (“Would like to dump FirewallD for UFW”) a reasonable position for this distro? I don’t like the zones, I ripped SSH out of all of them, more to come. I have a home desktop and this is overkill to me.
Or should I keep an open mind about this?

I come from a single distro since 2017. I’ve always, in UFW, allowed outgoing, denied incoming, and had no other rules, no ssh, no plug and play or bonjour. This has always served me well.

I guess my real question is: is this a reasonable desire of mine? Is there something I’m not getting about Endeavour’s default FirewallD? Or something–likely–I’m not seeing about the big picture when it comes to a firewall?

All points of view appreciated. Thank you. (edit/wordy in a couple places)

I think that UFW uses the older iptables whilst firewalld uses the newer nftables?

The default setup of firewalld in EnOS is quite safe as is. If changes are necessary, one just needs to learn a new GUI to get what you want.

Pudge

EDIT: I tried to verify that first statement, but a quick duckduckgo did not come up with what I was looking for. So take it with a grain of salt for now.

It is your system. If you prefer ufw you can simply uninstall firewalld, install ufw and enable it.

Firewalld is a much more powerful firewall IMO but if it doesn’t meet your needs, do whatever you prefer.

It won’t cause any distro related issues to remove it. We aren’t the kind of distro to require to use the tools the system pre-installs.

Thank you. I’ve seen this information both ways: 1) that ufw was a front end for iptables only, and 2) that ufw was a front end for both iptables and nftables. Depends on the source; you are right.

ufw is a front-end for iptables but there is an iptables compatible interface to nftables so technically ufw can sit in front of nftables.

we all got hangups man:) Mine is I always try to abide by what the creators intended when it comes to their distro (meaning no dramatic changes).
If you think I am selling firewalld short then I will try to learn more about it. appreciate the input.


compatible interface like a plug-in? or in settings? sorry, I should be doing my own research, just wondering if you knew off the top of your head

It is a package. It is probably installed already. I am not in front of my PC but I think it is something like iptables-nf or similar.

thanks—I will tinker about now

You probably found iptables-nft already (just clarifying the name here).
Happy tinkering! :partying_face:

They are both active and I kept them both for now. I have not run into conflicts/problems (yet).

It’s way too awkward to give my own post ‘SOLUTION’ tag so I can’t. But this is solved.

I’d recommend not running them both at the same time.
Basically they both do the same thing, so you’ll need only one.

About the solution, you might consider changing the heading of this thread by adding something like
[Solved by #<post-nr>] where (possibly multiple) <post-nr> is the post number that you feel were the answer(s) that lead to solving this.


noted, thank you. I have heard mixed things about enabling both firewalls so probably won’t. Think FirewallD will disappear when I’m confident about it:).

Just in case you were looking to switch from FirewallD to UFW there is an article here on Discovery:

https://discovery.endeavouros.com/network/firewall/2021/03/


Actually UFW can utilize both iptables and nftables.

Source:

https://wiki.archlinux.org/title/Uncomplicated_Firewall

Note: It should be noted that UFW can use either iptables or nftables as the back-end firewall. Users accustomed to calling UFW to manage rules do not need to take any actions to learn underlying calls to iptables or to nftables thanks to nft accepting iptables syntax, for example within /etc/ufw/before.rules.
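The two technical points the thread settles on are that ufw drives iptables, which on a current Arch-based system is iptables-nft translating into nftables, and that firewalld and ufw should not both be enabled. The script below is an added example (not code from the forum, from EndeavourOS or from the Discovery article) that checks both on a live machine. It relies on three facts about the real tools: `iptables --version` prints "(nf_tables)" for iptables-nft and "(legacy)" for iptables-legacy, `systemctl is-enabled` prints "enabled"/"disabled", and when iptables-nft is the backend ufw's chains (ufw-before-input, ufw-user-input, ...) appear in `nft list ruleset`. The `SAMPLE_*` strings are constructed, not captured from a real box, so the script also runs offline; pass `--live` to query the actual system.

```shell
#!/usr/bin/env bash
# Added example for this thread, not code from the forum or from EndeavourOS.
# Audits: which iptables backend is installed, whether firewalld and ufw are
# both enabled at once, whether ufw has the deny-in/allow-out defaults, and
# whether ufw's chains are actually visible inside the nftables ruleset.
# SAMPLE_* values below are constructed outputs so this runs offline.

# Backend from the `iptables --version` banner.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo "nf_tables" ;;
        *"(legacy)"*)    echo "legacy" ;;
        *)               echo "unknown" ;;
    esac
}

# Given `systemctl is-enabled` output for firewalld and for ufw, report which
# one is enabled: "conflict" if both, "none" if neither, else the unit name.
firewall_state() {
    local fwd="$1" ufw="$2"
    if [ "$fwd" = "enabled" ] && [ "$ufw" = "enabled" ]; then
        echo "conflict"
    elif [ "$fwd" = "enabled" ]; then
        echo "firewalld"
    elif [ "$ufw" = "enabled" ]; then
        echo "ufw"
    else
        echo "none"
    fi
}

# Does `ufw status verbose` carry the policy from the thread (deny incoming,
# allow outgoing)? Prints "ok" or "mismatch".
ufw_defaults_ok() {
    case "$1" in
        *"Default: deny (incoming), allow (outgoing)"*) echo "ok" ;;
        *) echo "mismatch" ;;
    esac
}

# Number of ufw chains present in `nft list ruleset` output. With iptables-nft
# as backend the ufw chains live in the nf_tables "ip filter" table and show
# up here; with iptables-legacy the count is 0 because the rules never enter
# nftables at all.
ufw_chains_in_nft() {
    printf '%s\n' "$1" | grep -c 'chain ufw-' || true
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_IPTABLES_VERSION='iptables v1.8.10 (nf_tables)'
SAMPLE_UFW_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip'
SAMPLE_NFT_RULESET='table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy drop;
        counter jump ufw-before-input
    }
    chain ufw-before-input {
        ct state established,related counter accept
    }
    chain ufw-user-input {
    }
}'

report() {
    echo "iptables backend : $(iptables_backend "$1")"
    echo "enabled firewall : $(firewall_state "$2" "$3")"
    echo "ufw defaults     : $(ufw_defaults_ok "$4")"
    echo "ufw chains in nft: $(ufw_chains_in_nft "$5")"
}

if [ "${1:-}" = "--live" ]; then
    # Real queries; a missing tool just degrades that line to "unknown"/0.
    report "$(iptables --version 2>/dev/null)" \
           "$(systemctl is-enabled firewalld 2>/dev/null)" \
           "$(systemctl is-enabled ufw 2>/dev/null)" \
           "$(ufw status verbose 2>/dev/null)" \
           "$(nft list ruleset 2>/dev/null)"
else
    report "$SAMPLE_IPTABLES_VERSION" disabled enabled \
           "$SAMPLE_UFW_STATUS" "$SAMPLE_NFT_RULESET"
fi
```

Run as root with `--live` after the switch: "enabled firewall : ufw" confirms firewalld is out of the picture, and a non-zero "ufw chains in nft" count together with "nf_tables" is the concrete evidence that ufw's iptables-syntax rules are being enforced by nftables. A "conflict" result is the situation the thread warns against, where two rule sets compete for the same hooks.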