profiles: Add nftables and Firewalld service

archlinux / archinstall

Arch Linux installer - guided, templates etc.

GNU General Public License v3.0

5.82k stars 509 forks source link

profiles: Add nftables and Firewalld service #2461

Closed EliasTheGrandMasterOfMistakes closed 2 months ago

EliasTheGrandMasterOfMistakes commented 2 months ago

This include a nftables and firewalld firewall packages for improve security on daily usage

PR Description:

Add Firewalld service and nftables to provide a firewall. This fixes unsecure installation without firewall

Tests and Checks

i think is not necessary a installation test

Torxed commented 2 months ago

I think we'd like a separate profile for this, rather than inject it on all desktop profiles (even tho, I agree, this would raise the minimum level security of desktops).

But consider users selecting the server profile. We'd want to increase security there too.

So ideally, what we would like is a separate "security" profile - and allow multi-select on profiles so that people can select:

[x] Desktop
[x] Security
[ ] Server

(Just as a crude example)

dylanmtaylor commented 2 months ago

I think this is too opinionated. There are multiple competing ways to set this up, like ufw for instance. Firewalls could be a post-installation configuration item for the end user.

Torxed commented 2 months ago

I agree, for now I'll close this in the current form it's implemented.