Nope, workstation is for providing (some) services. When You have a pure desktop that only connects to elsewhere, but never gets connected from elsewhere, then "client" would be the type.
Well, not necessarily. In this case ftps access is required, though it's not clear where the website server is, local or remote.
Workstation doesn't
have to offer any services at all, in which case it's just a client but using stateful rules, with the ability to easily add services as required, either for outside and/or inside clients.
If you have some smarthome gadgets or stuff like that which needs to connect to your desktop, you can additionally allow these with something like firewall_client_net="192.168.0.0/24"
. Otherwise only connections initiated from your desktop are allowed (these are always allowed).
Though 'client' itself allows port 25 mail access in from anywhere, yet allows NO icmp at all, whereas workstation allows 'mandatory' icmp, plus ping, but (eg) mail would need adding - but it doesn't require modifying to add services.
No icmp is a real fault in both client and 'simple' rulesets, one that I fixed in modified 'simple' rulesets ever since our first little router/server with dialup clients back in '98.
Type workstation
is only when your machine shall be reachable from the internet, e.g.. is accessible per ssh from somewhere/anywhere.
I don't understand why you say that; I've heard noone else do so. Both mer and I are merrily using it on systems that offer services - in this case only SSH - to other clients on the local LAN. It doesn't offer NAT.
Edit: I don't know what ftps is and how that works. I find it in services
Code:
$ grep ftps /etc/services
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps-data 989/udp
ftps 990/tcp # ftp protocol, control, over TLS/SSL
ftps 990/udp
so if this works like the original ftp, then it will need some port opened and probably a
workstation
configuration. (I try to avoid these things and copy thru firewalls with plain https or ssh)
/etc/services is way out of date about some things. Google "ftps vs sftp". services has sftp as Simple File Transfer Protocol on tcp+udp port 115, but for the recent decade? it's Secure FTP on the SSH port, default 22. I prefer SCP to my remote server, on an obscure port, because it can preserve perms and modtimes.
AndFTP is a great Android FTP, SFTP, FTPS and SCP clent, btw.