
Re: And now for something completely different... etch!



On Mon, Jun 06, 2005 at 10:57:50PM -0400, Grzegorz B. Prokopski wrote:
> My impression was that firewall setting is generally a messy business,
> because there's too many packages that mess with it, usually assuming
> they're the only ones who touch it.  This was, I think part of the
> reason why /etc/init.d/iptables was removed (I still use it on all of
> my old and newly installed machines, btw.)  But maybe I am wrong and
> somebody else could provide more details here.

Actually, that's not why iptables's init script was removed. Firewall 
packages (shorewall, bastille, knetfilter, guarddog, etc.) provide their 
own firewall handling code; they don't use the 'iptables save' 
functionality the iptables maintainer provided in previous releases.

In any case, no sysadmin should install conflicting firewalling code. I was 
considering asking debian-policy to add a 'firewall' virtual package so 
that all firewall packages Provided: it and Conflicted: with it. 

> > - inetd begone! -> xinetd (better mechanism to control DoS, privilege
> >   separation, etc.)
> 
> IIRC a mechanism for *netd switching had been discussed in Woody times,
> then waited for Sarge and I believe we already had some preliminary
> implementation but it's still not finished.  Other distros like PLD had
> that years ago, btw.

There's a preliminary implementation for the switch but the management tools 
(i.e. netbase's update-inetd IIRC) need to handle xinetd too (see 
#8927, #10059 and #25816).

> > - Separate runlevels: 2 for multi, no net, 3 for multi no X, 4 for X, 4=5
> 
> Do we really need that?  I thought I could always

Yes, IMHO we should use the LSB levels.

> > - Better package search mechanism (tags?) allowing free text search
> >   in package management interfaces: "I want a program that does X"
> 
> Doesn't 'apt-cache search X' do exactly that?

No, it does not cut it. I will answer this in depth in a separate e-mail.

Regards

Javier
