Good day, I have being enjoying Bazzite for 5 months now. It made me settle after trying several distros. I am wondering if it is possible to add a built-in firewall like Safing Portmaster. I tried to install it via rpm-ostree but never worked out, it says something about read-only filesystem. I do not want to mess with the distro too much.
It seems that someone find out how to install it on immutable distros with a script, still would like to read opinions from Bazzite devs.
There is also OpenSnitch. I don’t recall it installing to /opt so it should be safe.
+1 for OpenSnitch, I installed the local .rpm from their Github via rpm-ostree and it seems to be working fine so far.
Just wanted to thank you for referencing that script. It worked like a charm on Bazzite, but I followed someone else’s instructions in that thread to remove the “–show-progress” portion of the wget lines. Boom, went right through and worked fully right after rebooting.
In that case, since Safing Portmaster is a notable Linux content creator sponsor and thus would be quite known by a subsection of Linux user, would it be worth it to add the customized script into ujust/yafti?
Don’t know who to tag here about ujust & yafti (or Bazzite Portal), though.
This seems like it would be a great idea for Bazzite!
Thank you!
People sometimes complain that they can’t randomly use instructions on the internet on our systems.
This is usually listed as a “con” when we clearly see it as one of our best features! Our users will never have to deal with this! 
Bazzite has a firewall by default.
It’s called firewalld
You can whitelist services. You can change the default profile. It works on a per interface basis as well.
I was not impressed by firewalld !! It was Too complex to carry out simple firewall functions That I can do in Seconds on GUFW!!