Should I use a firewall on Linux laptop? (specifically for travelling)

I’m planning to travel next week and I’m using a laptop with openSUSE Tumbleweed. On my other devices, I use Mullvad VPN, but I haven’t been able to get it working on openSUSE (even with doing the WireGuard configuration steps from Mullvad themselves). I also use Pi-Hole with dnscrypt-proxy.

Also, I’m not an expert when it comes to Linux and cybersecurity/privacy.

Would installing and configuring a firewall on my laptop be beneficial for my travel?

Yes. It is good to disable unnecessary ports to reduce attack surface. See SkewedZepplins post here:

1 Like

Awesome, thanks a lot for this.

I just installed firewalld and by default it is set up as a public zone. If I’m at home, I guess I can change the zone to the predefined “home” zone?

For the VPN part, you need to generate a WireGuard profile on the Mullvad website with your account number. Then on your desktop you can import that profile straight in the network manager without configuring it manually.

note: be sure wireguard-tools are installed, i’m not sure it’s standard available.

sudo zypper install wireguard-tools

You can import Wireguard configuration files (usually ending in .conf) in the Network settings in KDE System Settings.

Where in the Network settings do I import the config file?

KDE Settings → Wi-Fi & Networking → “+” → Import VPN connection → select .conf file → Create

Alright, I get the gist of it, thank you for the help!

Although, I am assuming that I insert the .conf file into my Wi-Fi. I’m just wondering, would I have to manually insert the config file for every Wi-Fi that I connect to?

The easiest way to automatically connect to the VPN independent of the WiFi network is: in the network settings, click on the VPN connection you just added → General configuration tab → Connect automatically with priority: -1

(This -1 means to connect automatically but with lower priority than the Wi-Fi connection itself which by default is priority 0)

If you restart it should connect to the WiFi and then the VPN

Hmm, seems like KDE won’t let me save the changes when I change it to -1.

I still appreciate the help with this, thankfully I can do this without hassle.

Public zone is usually fine for most home users, too. You can look at the allowed services and ports of both zones to see the difference.