Firewall check expects ufw or firewalld #39

Open
Tracked by #36
fmarier opened this issue Jan 2, 2025 · 1 comment


fmarier commented Jan 2, 2025

(Originally from #36) The firewall check expects firewalld or ufw, which are not necessary to set up a firewall, so the check fails if neither is used, but a firewall is active.

Additionally, the error message is different (paretosecurity 0.0.58) between running as a normal user:

$ paretosecurity check
  • Starting checks...
...
 ✗  Firewall & Sharing: Firewall is on > 

v. running as root:

$ sudo paretosecurity check
  • Starting checks...
  • Failed to check firewalld status                 error=exit status 3 output=inactive
...
 ✗  Firewall & Sharing: Firewall is on > Firewall is off

Member

dz0ny commented Jan 9, 2025

The docs that are being written are for more general use cases, where users will not configure custom firewall rules as that would create chaos if you want to support all distributions and use cases.

So instead, a frontend is used, either ufw or firewalld, and maybe https://github.com/evilsocket/opensnitch, but it again seems too noisy for a normal user.

Both have a common way to deploy one rule that blocks incoming connections that is persistent and easily checkable. nftables, when using the same config, won't apply to all devices without issues.
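
Added example, not part of the thread and not paretosecurity's code: one way a check could recognise a firewall configured directly in nftables, with no ufw or firewalld present, by reading the JSON that `nft -j list ruleset` prints. It assumes "firewall is on" means an input base chain with a default `drop` policy for both IPv4 and IPv6; a ruleset that accepts by default and ends in an explicit drop rule is not detected. The function names and the sample rulesets are constructed for illustration.

```python
import json
import subprocess

# nftables families mapped to the IP versions their input hook filters.
COVERS = {"ip": {"ip"}, "ip6": {"ip6"}, "inet": {"ip", "ip6"}}


def default_deny_families(ruleset_json):
    """Return which of {"ip", "ip6"} have an input base chain with policy drop."""
    covered = set()
    for item in json.loads(ruleset_json).get("nftables", []):
        chain = item.get("chain")
        # Skip metainfo/table/rule objects; only base chains have hook and policy.
        if not chain or chain.get("hook") != "input" or chain.get("type") != "filter":
            continue
        if chain.get("policy") == "drop":
            covered |= COVERS.get(chain.get("family"), set())
    return covered


def firewall_is_on(ruleset_json):
    """Assumed definition: inbound default-deny on both IPv4 and IPv6."""
    return default_deny_families(ruleset_json) == {"ip", "ip6"}


def read_live_ruleset():
    """Read the running ruleset as JSON (requires root)."""
    return subprocess.run(["nft", "-j", "list", "ruleset"], check=True,
                          capture_output=True, text=True).stdout


def sample(family, policy):
    """Constructed `nft -j list ruleset` output with one input base chain."""
    return json.dumps({"nftables": [
        {"metainfo": {"json_schema_version": 1}},
        {"table": {"family": family, "name": "filter", "handle": 1}},
        {"chain": {"family": family, "table": "filter", "name": "input",
                   "handle": 1, "type": "filter", "hook": "input",
                   "prio": 0, "policy": policy}},
    ]})


if __name__ == "__main__":
    for family, policy in [("inet", "drop"), ("ip", "drop"), ("inet", "accept")]:
        doc = sample(family, policy)
        print(family, policy, sorted(default_deny_families(doc)), firewall_is_on(doc))
```

The `ip`-only sample shows the case a frontend normally hides: IPv4 is default-deny while IPv6 has no filtering at all, so the check reports the firewall as off.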
