Technically they didn’t name the cow… Soooo…

This is the only correct answer!

The problem with AV s/w in my experience, is that they do not work very well, and hinder the system’s functioning, because they provide duplicate behaviour of existing solutions and compete with them directly.

In one instance I discovered McAfee to disable write access to /etc/{passwd,shadow,group} effectively disabling a user to change their password. While SELinux will properly handle that by limiting processes, instead of creating a process that would make sure those files aren’t modified by anyone.

People need to understand Linux comes pre-equipped with all the necessary tools and bolts to protect their systems. They just don’t all live in the same GUI, because of the real complexity involved with malware…

Security is a process, not a solution.

Well put!

I personally do not know ufw, but if it does what it must, then you’re solid.

Linux is also about choices: do stuff the way you choose to, and makes you comfortable.

My bad! Thanks for pointing out my typo

The main one everybody uses at least from my knowledge and from what I've used over the last 13 years is UFW. That is what you want to use.

I could easily say that for firewalld… 😃

Ufw is typically available/pre-installed with Debian based systems (Debian, Ubuntu, zzz), while Firewalld is typically available on Red Hat Enterprise Linux and derivates (Fedora, CentOS, Rocky, …)

But it boils down to what you prefer, really.

I see that both UFW and firewalld are recommended... is it basically OK whichever I choose?

Yes. Whichever works for you should be fine. In the end you should be able to manage it

Yes: source

Look into restic, it doesn’t do exactly what you want, but it’s a very powerful backup server and standalone tool

edit typo

Yes, usually you configure your endpoint firewall to block incoming traffic, while allowing all outgoing.

Unless you’re in a very secure zone, like DMZ’s.

A very good point I forgot! Only use trusted software repositories!