I haven’t looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn’t everything.
I don’t know if it ships with a firewall, but that’s definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.
I haven’t looked around that much in years beyond NixOS, what else has MAC by default these days? I remember a lot of the Debian based ones having some things constrained by AppArmor, but I personally prefer SELinux and it wasn’t everything.
I don’t know if it ships with a firewall, but that’s definitely easier than an ad hoc SELinux setup. I always just transfer my iptables (nftables now) rules over.