
Debian 11 and iptables



Hi there,

AFAIK iptables is installed by default by the Debian installer up to Debian 10
Buster.

I would like to start exploring dropping the iptables default for Debian 11. By
that I mean not installing the package by default in any way:

* not as part of the base operating system
* not in any task by tasksel
* downgrade priority/importance of the package (currently Priority: important)

If we still need a default low-level firewalling tool installed by default I
would suggest we switch to nftables. Also, firewalld should be considered as a
sensible wrapper at this point, more or less in sync with what other distros are
doing.

So my proposal would be to do something like:

* raise package priority of nftables
* include nftables in debian installer/base operating system/tasksel
* introduce firewalld at least into desktop tasksel tasks

regards

PS: By default Debian Buster already uses iptables-nft, a version of iptables
that uses the nf_tables kernel engine.

