it has per-app rules, and can show a popup for programs that don’t yet have a rule. you can also limit the access by time, destination, and port
DKMS is setup, and I still have to plan my kernel upgrades due to the compilation time.
in my experience every kind of update requires planning and a reboot because incompatibilities between new libs and already running older programs will cause problems. but DKMS may help in making it less of a work
netfilter, iptables, or one that is based on them
that’s right, but it has an official GUI: https://firewalld.org/documentation/utilities/firewall-config.html
it has per-app rules, and can show a popup for programs that don’t yet have a rule. you can also limit the access by time, destination, and port
in my experience every kind of update requires planning and a reboot because incompatibilities between new libs and already running older programs will cause problems. but DKMS may help in making it less of a work