Firewalls are absolutely essential, but you're thinking about them the wrong way out of FUD.
You know that certain blocks of IPv4 addresses are infamous for malware, but do you know their IPv6 counterparts? What if your neighbor's computer is infected with the latest and greatest zombienet? Heuristic blocking is far superior in that regard.
Install fail2ban and you will have inbound heuristic blocking. It looks at your system log files and applies clear rules for temporarily banning misbehaving IPv4 and v6 addresses. You will see lots of script-kiddie-style attacks and not much else. Because in the real world, most inbound malware are automated probes by people looking for known points of entry. Block them and you block almost all inbound malware. Further, it uses IPTables to execute the blocks, so it is transparent AND doesn't add another layer of cruft.
Your best protection from outbound malware is still good computer hygiene. Failing that, you can use the GUIs, but there is a reason they are not that common. It's because there isn't a culture of making malware for Linux (outside of server deployments). A note of caution: feel free to block ICMP, TCP and UDP traffic, but do NOT block Sockets traffic, or you will cry as your logging shuts down and the GUI fails in weird ways. Linux counts them all as equal network traffic.
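To make the "clear rules for temporarily banning" concrete, here is a small added example (not fail2ban's own code, and not part of the post above) that implements the same heuristic over a few constructed sshd-style log lines: count failed logins per source address inside a sliding window, ban an address once it crosses a threshold, let the ban expire after a fixed time, and pick `iptables` or `ip6tables` depending on the address family. The log format, host name, addresses and the `maxretry`/`findtime`/`bantime` values are assumptions chosen for illustration; the block only builds the netfilter command as a list and never runs it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample log lines in auth.log/sshd style (hypothetical host and addresses).
SAMPLE_LOG = """\
2024-03-01T10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 50000 ssh2
2024-03-01T10:00:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 50001 ssh2
2024-03-01T10:00:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 50002 ssh2
2024-03-01T10:00:06 host sshd[1004]: Accepted publickey for alice from 198.51.100.20 port 40000 ssh2
2024-03-01T10:00:08 host sshd[1005]: Failed password for invalid user test from 2001:db8::1 port 60000 ssh2
2024-03-01T10:00:09 host sshd[1006]: Failed password for invalid user test from 2001:db8::1 port 60001 ssh2
2024-03-01T10:30:00 host sshd[1007]: Failed password for invalid user test from 2001:db8::1 port 60002 ssh2
"""

# Matches one failed-password line and captures its timestamp and source address (v4 or v6).
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port \d+"
)


class Jail:
    """Sliding-window failure counter with temporary bans (assumed defaults)."""

    def __init__(self, maxretry=3, findtime=timedelta(minutes=10), bantime=timedelta(hours=1)):
        self.maxretry = maxretry      # failures allowed inside one findtime window
        self.findtime = findtime      # width of the sliding window
        self.bantime = bantime        # how long a ban lasts before it expires
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.bans = {}                # ip -> datetime at which the ban expires

    def record_failure(self, ip, when):
        """Register one failure; return True if this failure triggers a new ban."""
        window = self.failures[ip]
        window.append(when)
        # Drop failures that fell out of the window, so old noise does not accumulate.
        while window and when - window[0] > self.findtime:
            window.popleft()
        if len(window) >= self.maxretry and not self.is_banned(ip, when):
            self.bans[ip] = when + self.bantime
            window.clear()
            return True
        return False

    def is_banned(self, ip, now):
        """True while a ban is active; expired bans are forgotten on the way out."""
        expiry = self.bans.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.bans[ip]
            return False
        return True


def block_command(ip):
    """Build the netfilter command for a ban; v4 and v6 use separate tools."""
    tool = "ip6tables" if ip_address(ip).version == 6 else "iptables"
    return [tool, "-I", "INPUT", "-s", ip, "-j", "DROP"]


def process_log(lines, jail):
    """Feed log lines through the jail; return (ip, command) for each new ban."""
    banned = []
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        when = datetime.fromisoformat(m.group("ts"))
        ip = m.group("ip")
        if jail.record_failure(ip, when):
            banned.append((ip, block_command(ip)))
    return banned


if __name__ == "__main__":
    jail = Jail()
    for ip, cmd in process_log(SAMPLE_LOG.splitlines(), jail):
        print(f"ban {ip}: {' '.join(cmd)}")
```

With the sample above, `203.0.113.7` fails three times within seconds and is banned; `2001:db8::1` fails twice, then a third time half an hour later, which is outside the ten-minute window, so it is not banned. That is the point of the window: a single stray typo from a legitimate user never accumulates into a ban, while an automated probe hammering a known entry point does.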