Firewall on Primo?

I want to know if installing a firewall (and of course using it) on a Primo will work correctly? Recommend:
$sudo apt install ufw
$sudo ufw enable
and then of course enabling whichever ports are needed? What would these be?

I would expect your edge device to already have a firewall right? It would be a VERY BAD idea to expose Volumio as an edge device – it’s running on a really outdated Debian version and has not even had any security patches since Jessie went EOL back in June 2020.

For a list of ports, I’d advice getting in touch with the official tech support contact techsupport at volumio dot org to figure out myVolumio’s port requirements.

ashthespy: Thanks for your very accurate description. Yes the Primo is on my internal network. The edge device is a pfSense box. Oh yes; I seen the devs post about not running apt update and how this will break mpd. Yeah, not like that fact I am running a device at risk. That’s why I was going to add a layer onto it (host firewall). This would lessen the potential attack surface. Ciao.

Hmm, do you not trust your LAN?

A host firewall on a Volumio device doesn’t make much sense to me – you would need to open up port 80 if you want the webUI, and as webUI isn’t password protected, it is pretty much game over.
OTH, you could however block port 22 and disable ssh.