RavenLX wrote:I have read that there is a built-in firewall that is turned on by default in Linux, and that the GUI is basically just an IP Tables configuration interface, and that it's use isn't necessary for good security. Am I right in assuming this is correct?
Ip Tables is always running and it blocks all incoming probes - unless you install something that listens in on certain ports. That's the confusing part. Ufw is a command line tool that adds or modifies the rules that ip tables uses and Gufw if a graphical front end to ufw. Whether or not ufw / gufw is necessary for "good security" depends on what kind and how you are using your computer.
If you have a desktop computer behind a router then the outside world doesn't know you exist. All it sees is the router. All communication that takes place between you and the outside world goes through the router's NAT layer that hides your internal ( LAN side ) ip address. That doesn't prevent you of course from using ufw to block everything anyway but then you have a dilemma.
Let's take Samba as an example - and this would make more sense if you were using Ubuntu since it doesn't install Samba by default. Before samba is installed the ports it uses are effectively closed. Install Samba and the ports are open. Use ufw to close all ports and you just shut down Samba. So what do you have to do? Open the samba ports up again. You're in a logical loop.
Have a laptop and things change a bit. When the laptop is home behind your router things are fine but when it's out and about you might be vulnerable depending on what you installed on it. One thing you can do is set up a bunch of rules to secure yourself outside of home and then enable ufw to implement those rules ( sudo ufw enable ). When you are home disable it ( sudo ufw disable ).