[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Multiple conflicts between firewall configuring packages (policy change? mass bug filing?)

In Debian (woody and sid) we have multiple firewall configuration
packages: iptables, firestarter, gfcc, knetfilter, easy-firewall,
firewall-easy to mention a few. All of them make use of the kernel
firewalling code.  However, if a user installs more than one of them he
might get into _Big_ trouble due to all trying to add their own rules.

He can either:
1.- get the rules of the latest firewall script that runs from init (if it
flushes the previous rules)
2.- get a mixed setup of rules.

¿Shouldn't there be a way for these firewalls to cooperate so as to not
get users into trouble?

I can think of one way to do so through virtual packages. By making a
package Provide: and Conflict: with 'firewall-configurator' for example,
we can prevente users for installing more than one firewall package. But
this might not be enough for some situations (bastille, for example can or
cannot provide a firewall depending on user's configuration).

¿How should we proceed (policy-wise) on this?



Attachment: pgpIz0rs5nmkQ.pgp
Description: PGP signature

Reply to: