While experimenting with my approach to "secure" computers, one of the key ingredients is reducing the attack surface as much as possible, and unfortunately, one big attack surface of any Linux-based deployment is the kernel itself. Thus, one of the first things I've done is to configure and recompile my own extremely stripped-down version of the Linux kernel (based on the latest LTS branch).

Among the kernel features that were removed was also a very important security-related subsystem, namely netfilter, the Linux firewall (the older iptables interface and the newer nf_tables one).

Why remove the firewall subsystem when it's essential for security?