Tried googling for this but it just keeps bringing up stuff for after login, not before. Since the firewall needs to be root I figure it needs to boot prior to the login service. I also need to know how to set the firewall UI to boot at login though I wager the .profile is good enough for that.
The firewall UI is not the same as the firewall itself.
It is just the configuration tool.
Why do you think I said also?
I’d suggest using a systemd service in /etc/systemd/system. If you include a directive in the [Unit] stanza saying:
After=network.target
Then another in the [Install] stanza saying:
WantedBy=multi-user.target
it should come up pretty much as soon as the network is initialised.
I do not think that.
What firewall are we talking about?
It was a clear indication I was treating them as the separate entities they are, did not need that tidbit pointed out to me.
Edit: Didn’t notice your question about which firewall until just now, at the time you asked that was an irrelevant detail. Now that I need help identifying how to retain the rule blocking udp 631 across login sessions that becomes a relevant detail, firewalld is what I gave systemd btw. It was what I initially had to use with sudo prior to the UI staying open (because it refused to stay open if it couldn’t connect to the service)
O.k. - bye now!
Have a look at the Arch Wiki. I usually find the easiest way to set up a service file is to use an existing one as a template then alter it to my requirements.
Thanks, I’ll do that while waiting on a possible response to my edit
Edit: do I just call it firewalld.service? Or do I need to add ExecStart=firewalld to the contents?
To have firewall up and running at boot time
sudo systemctl enable --now firewalld
ooh that’s much simpler, I’ll delete the service file I just made and try that instead. probably find out 2mw if it worked out
I see no reason to have a firewall gui load at login; except maybe extreme laziness. What advantage do you believe this might have?
It seems to me that a network monitor of some kind might be more useful to see which rules have succeeded or failed.
It’s not the UI that I need to boot before login, the UI was merely an off hand convenience. It was the firewall itself that I needed to auto-start so that the UDP port 631 is blocked to prevent that recently exposed vulnerability from continuing to be an issue on my system. I value security over convenience.
This then, wasn’t as clear as it might have been:
Thanks for explaining.
A well defined rule configured for the port in question, and starting the firewalld service during boot (as indicated by @linux-aarhus) should take care of that; without much of a fanfare.
Cheers.
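Following the advice above (define the rule, enable the service), this added example, which is not from any poster in the thread, checks whether a UDP 631 block sits in firewalld's permanent configuration or only in the runtime one, since a runtime-only rule does not survive a reboot. It assumes the block is a rich rule in the default zone; the function names and sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Assumption: the UDP 631 block was created
# as a firewalld rich rule in the default zone.

# Succeeds if the rich-rule listing in $1 drops or rejects destination udp/631.
# The leading space keeps source-port and forward-port elements from matching.
has_udp631_block() {
    printf '%s\n' "$1" |
        grep -E ' port port="631" protocol="udp"' |
        grep -Eq ' (drop|reject)( |$)'
}

# Prints where the block lives: $1 = runtime listing, $2 = permanent listing.
classify_block() {
    _rt=no; _pm=no
    if has_udp631_block "$1"; then _rt=yes; fi
    if has_udp631_block "$2"; then _pm=yes; fi
    case "$_rt/$_pm" in
        yes/yes) echo "persistent" ;;
        yes/no)  echo "runtime-only" ;;    # gone after the next reboot or reload
        no/yes)  echo "permanent-only" ;;  # takes effect after firewall-cmd --reload
        *)       echo "missing" ;;
    esac
}

# Live check on a host running firewalld (needs root or polkit authorisation).
check_host() {
    echo "starts at boot: $(systemctl is-enabled firewalld 2>/dev/null || true)"
    echo "udp/631 block:  $(classify_block \
        "$(firewall-cmd --list-rich-rules)" \
        "$(firewall-cmd --permanent --list-rich-rules)")"
}

# Constructed sample listings (not captured from a real machine).
SAMPLE_RUNTIME='rule family="ipv4" source address="192.0.2.0/24" service name="ssh" accept
rule port port="631" protocol="udp" drop'
SAMPLE_PERMANENT='rule family="ipv4" source address="192.0.2.0/24" service name="ssh" accept'

echo "sample: $(classify_block "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT")"
```

On a real host, call `check_host`; a `runtime-only` result can be saved with `firewall-cmd --runtime-to-permanent`.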
yeah the rule was defined by the UI and I’ve already tried the command he gave which didn’t seem to have any issues despite the service already being running. I’ll see the next time I boot my laptop again which at latest will be 2mw.
Hello, @zxuiji! You still haven’t mentioned what firewall software you were attempting to use. Notice one of our most helpful members bowed out because you ignored his question.
Please see:
There’s already an included service if you’re using Firewalld. See Firewalld - ArchWiki
See also:
It’s o.k.
I’ll try not to engage with him on any future requests there might be.
That was not my reason.
…
it’s quite hard to hold back on useful information which could clarify or even resolve the issue
@soundofthunder was very helpful, I think
Sorry, I neither meant to presume nor speak for you.
I wholeheartedly agree. Hence why sometimes I do not respond at all.
Both you, him and quite a few others are also helpful. I’m very grateful for everyone that helps out around here.
If you are worried about the recent cups issue … this is not the lowest hanging fruit. Nor the most effective remediation.
Even skipping to the point of ‘block udp port 631’ - I also echo other sentiments that you don’t require a GUI or extra manual service for this. Set rules and enable firewall. It will start early enough.
Since it seems you need assistance with these basic tasks, and might even benefit from some further education … I’ll just leave a friendly reminder that being kind goes a long way. Others might be more willing to hold your hand if you aren’t snarky or rude.
I know it’s not always easy to remember but it’s all people behind these text boxes. Mostly. I think we have at least one hobbit.
PS.
In relation to the recent security scare … this thread may be helpful: