Whether to run a software based firewall with a hardware one

I did a search on here, but not much turned up about this.  Perhaps my searching methodology leaves something to be desired. 

I was wondering if there is really any point to running a software-based firewall like iptables, or the like, when my router has a built-in hardware-based firewall that comes up as 100% stealthed and passes all tests with perfect scores.

I would think that it's a bit extraneous to do so.  It's definitely more work and more troubleshooting if something is getting blocked that I need to let through.  I've heard it's a good idea to have both when running Windows, but as we all know that is kind of a whole different can of worms considering how insecure and virus prone it is etc.

Correct me if I'm wrong, but the only advantage that I could see to utilizing iptables when a person already has a good hardware firewall is to block certain outgoing ports completely.  This sort of setup would seem good for extrusions (i.e. one was running a trojan horse or rootkit and didn't know it).  The other advantage I could think of is the logging of iptables, which can be both a blessing and a curse depending upon how you look at it.  I've noticed that iptables' logging takes a lot of fine tuning to strike the right balance between having enough logging but also not having too much.  It seems that usually it tends to make system logs harder to read with trivial warnings that usually relate to "normal internet noise" (at least that's what I thought they were, but those messages generated by iptables can be a bit cryptic to someone who isn't a networking guru, IMHO).

Keep in mind that I'm talking about a system for desktop use where I haven't enabled any daemons or servers other than the defaults from Arch's install, which thankfully seem pretty minimal from what I can tell.  What a breath of fresh air from more bloated distros.

I would like to hear any opinions or thoughts about this.  If there is a thread here with this topic already, sorry for the clutter.  If that is the case, perhaps someone could point me in the right direction, since I didn't seem to have much luck finding such a post.

Thank you.


You should be fine without using iptables, especially since you don't seem to have any services running. It wouldn't hurt to learn it if you have the time, though.


What's the difference between a "hardware firewall" and a "software firewall"?

Isn't software also running on hardware?


I think technically a hardware firewall should be called a firmware firewall - my router, for example, has a built-in firewall.

If you plan to open ports on the hardware firewall then use iptables too - else, don't bother, unless you want to restrict access out of your network, which the hardware firewall isn't really for...
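The two points raised in this thread that a host firewall actually adds behind a router (restricting what leaves the machine, and getting usable logs without drowning syslog in noise) can be seen concretely in a small ruleset. The script below is an added example, not code from any poster or from Arch; it generates an `iptables-restore` file for a desktop with no listening services: default DROP inbound, an outbound allow-list of destination ports, and rate-limited `LOG` rules with a fixed prefix so dropped traffic is easy to grep for. The port lists (80,443 for TCP, 53,123 for UDP) and the `3/min` log rate are constructed values to adjust for the machine in question.

```shell
#!/bin/sh
# Added example (not from the forum thread): build an iptables-restore ruleset
# for a desktop that already sits behind a router firewall.
#
# Inbound:  default DROP; allow loopback and replies to connections we opened.
# Outbound: default DROP; allow only the listed destination ports, so a program
#           phoning home on an unexpected port is logged and rejected.
# Logging:  the limit match bounds log volume; the prefix makes grep easy.

build_ruleset() {
    tcp_out="$1"            # comma-separated TCP dports allowed out, e.g. 80,443
    udp_out="$2"            # comma-separated UDP dports allowed out, e.g. 53,123
    log_rate="${3:-3/min}"  # average rate for the LOG rules (limit match)

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:LOG_DROP_IN - [0:0]
:LOG_DROP_OUT - [0:0]
# loopback is always allowed
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections this host opened
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# malformed/out-of-state packets are dropped silently: they are pure noise
-A INPUT -m conntrack --ctstate INVALID -j DROP
# anything else inbound: log (rate-limited), then drop
-A INPUT -j LOG_DROP_IN
# outbound allow-list: only NEW connections to these ports may leave
-A OUTPUT -p tcp -m multiport --dports ${tcp_out} -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp -m multiport --dports ${udp_out} -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -j LOG_DROP_OUT
# logging chains: limit keeps syslog readable even during a port scan
-A LOG_DROP_IN -m limit --limit ${log_rate} --limit-burst 10 -j LOG --log-prefix "FW-IN-DROP: " --log-level 4
-A LOG_DROP_IN -j DROP
-A LOG_DROP_OUT -m limit --limit ${log_rate} --limit-burst 10 -j LOG --log-prefix "FW-OUT-DROP: " --log-level 4
# REJECT (not DROP) outbound so the local program fails fast instead of hanging
-A LOG_DROP_OUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Usage (as root):
#   build_ruleset 80,443 53,123 > /tmp/desktop-rules.v4
#   iptables-restore --test < /tmp/desktop-rules.v4   # parse only, nothing applied
#   iptables-restore < /tmp/desktop-rules.v4
# Then `grep FW-OUT-DROP /var/log/...` shows exactly which local program tried
# to reach a port that is not on the allow-list.
```

Because the script only emits text, it can be reviewed and diffed before anything is applied; `iptables-restore --test` parses the file without loading it. Separating the `LOG` rules into their own chains is what keeps the logging tunable: changing the rate or prefix in one place changes it for every drop, and the outbound log line is the "extrusion" signal the original poster was after.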


