In Debian (woody and sid) we have multiple firewall configuration packages: iptables, firestarter, gfcc, knetfilter, easy-firewall, firewall-easy to mention a few. All of them make use of the kernel firewalling code. However, if a user installs more than one of them he might get into _Big_ trouble due to all trying to add their own rules. He can either: 1.- get the rules of the latest firewall script that runs from init (if it flushes the previous rules) 2.- get a mixed setup of rules. ¿Shouldn't there be a way for these firewalls to cooperate so as to not get users into trouble? I can think of one way to do so through virtual packages. By making a package Provide: and Conflict: with 'firewall-configurator' for example, we can prevente users for installing more than one firewall package. But this might not be enough for some situations (bastille, for example can or cannot provide a firewall depending on user's configuration). ¿How should we proceed (policy-wise) on this? Regards Javi
Attachment:
pgpIz0rs5nmkQ.pgp
Description: PGP signature