Debian 11 and iptables
Hi there,
AFAIK iptables is installed by default by the Debian installer up to Debian 10
Buster.
I would like to start exploring dropping the iptables default for Debian 11. I'm
referring to not installing the package by default in any way:
* not as part of the base operating system
* not in any task by tasksel
* downgrade priority/importance of the package (currently Priority: important)
If we still need a default low-level firewalling tool installed by default I
would suggest we switch to nftables. Also, firewalld should be considered as a
sensible wrapper at this point, more or less in sync with what other distros are
doing.
So my proposal would be to do something like:
* raise package priority of nftables
* include nftables in Debian installer/base operating system/tasksel
* introduce firewalld at least into desktop tasksel tasks
regards
PS: By default Debian Buster already uses iptables-nft, a version of iptables
that uses the nf_tables kernel engine.