Essentially, #gentoo firewall, based on #iptables concept and solution is primarily considered as working, like already published approach employed techniques and tactics. Although it lacks distro based #ELK stack and 3rd party overlays are required for this (unless the developer wants to build all them from source, including #sysd units), #NFLOG protected – dropped TCP/IP packets are monitored by #ulogd daemon stored log files, and actual ‘curl -I localhost’ won’t work, in case httpd port is forbidden. In real world it’s forbidden only to outsiders, leaving laptop operating status with the httpd server. But, judging (evaluating) from economic perspective, especially from business economics (small business), it’s nevertheless a dilemma about SUSE distro. It’s, as noted by #LinkedIn news feed, more liked (and even required to be tech savvy with it) by UK PHP agencies (via recruiters posts), so for a developer moving to UK (and relocating) a more innovative, agile, comprehensible and down to earth side in this instance is to get closer to it (OS), especially when landlord cuts off electricity upon #gentoo update (taking 24 hours) crashing the whole OS irreversibly.
Working with openSUSE for a couple of years (or so) it’s payed off largely, of course, laptop scope, not measuring by bank transactions (#EUR/#GBP ..) scale – ensuring stable running laptop, with networks fluently connecting, backups – snapshots – storing smoothly and in general #LAMP operating successfully. Furthermore, it possesses #ELK stack installed from its official repo. Therefore it’s undoubtedly a smart move to a world recognized one of famous #linux distros in effect on a laptop. To be precise, a cognitive response to destroyed #OS by the landlord, having indebted bank account, no future job prospects and forceful return to home country – #Lithuania – after had developed multiple LAMP projects on site full time and contracting in #London – was those conditions impressed (and London market prone) #openSUSE with an upgrade to #SLED vector internship.
At this stake #firewalld is stopping running, leaving insecure the whole dev dependent (and financed) #SME. To be short, it wasn’t nothing else, but a distro upgrade (15.1) feature, abating #SuSEfirewall2 and friends, and moving to this new daemon, however, not interacting with GUI (not responding) and #iptables rules not applicable (not applied by 10+ tries). In this sense, as iptables doesn’t ship with #sysd units (they are custom/distro incorporated), tremendous investment into #netfilter dashboards (by customizing w/ #R&D source build to include #sysd units or even in general reinstalling #gentoo backwards – again) is somewhat ridiculous, futile, if not immensely weird. In a sense, it’s then #Trello archived card, theoretically enabling server (#lamp) #interoperability, but leaving behind taxed corporate profit, called linguistically in popular terms #SME profit margin turnover surplus, simply sinking the whole capital investment down to the bottom.
Proven or not, this generic concept of NAT rules applied to a laptop via scripting rules (dedicated sensible amount of time) is nonsense, i. e. not grounded. The first condition for that is (home) office with power supply, another one – non reactive response to business environment up to a scale of replaced OS distro, i. e. it remains intact.
Edit: aforementioned #OS retaining #CI (in economic terms – business/#SME continuation) has been implemented also as #gentoo #gnome switch to #suse based #gnome, nothing miraculous, just a thesis in 3 colleges cross 2 countries.