I just moved over from Windows and MacOS to a good old trusty LinuxMInt. All my usual software works a treat and i was surprised to find a native remote app for Roon (Comunity Remote)
Roon Server works on my LInux install - only one problem in order for it to work i had to turn Mint Firewall off entirely. I tried creating rules for the usual ports mentioned here (9030 i believe) but no luck. If i turn it off is great.
Any advice for a complete newbie on Linux? I would like to turn the firewall back ON.
I am considering purchasing a Nucleus but if i can make my current PC work maybe we can hold off that purchase for a while. Plus my current PC with a Ryzen 9950X and 32GB RAM i think is better!
Do you need the extra layer of security on the Linux box, i.e., is a software firewall necessary? For instance, is the machine running any services accessible inside or outside your private network, e.g., SSH, Samba etc.? If so, consider general hardening of the server and services instead.
If you want to run the firewall, advanced configuration is necessary, and this isn’t possible using UFW alone. You’ll need to edit UFW scripts and set up iptables.
Of course, Windows or teenagers on the same network may need a different approach.
Note that neither Nucleus nor ROCK has a firewall.
Interestingly neither my Mac or my older Windows PC had their firewall turned on. Occasionally I had to forward some ports on my router for emby and RoonArc for example.
This machine is running Plex, Emby and Roon but other than that no other services.
I am happy to leave the firewall off then for now. My actual NAS is pretty well protected from the outside world and I suppose there is always the Asus firewall on the router itself.
But certainly some room for improvement on RoonLabs side perhaps?
Thanks again for the reply. Happy to delay my Nucleus purchase for a little bit longer.
Roon OS is a bespoke Linux, which is hardened, and is for all intents, an appliance. Your home network is already protected by the router firewall, so the greater risk is from inside the network, e.g., phishing or Windows viruses.