Re: Nftables in jessie?

[Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>]

On 8 May 2014 19:16, Frank Bauer <frank.c.bauer@gmail.com> wrote:
> Hi,
>
> Jessie currently contains linux 3.13, which includes the successor of
> iptables - nftables.
> Unfortunately, the userspace tools (nftables) are still missing even in
> sid/experimental.
>

As Vincent Bernat said, is in NEW. Has been in NEW for a month or so.

> Is there a general plan to support nftables in jessie? As the release
> managers reminded
> us recently, the freeze will be here in no time. I believe it is essential
> for users to be able
> to test this new technology in jessie before fully switching to it in
> jessie+1.
>

Unfortunately, there isn't a 'general plan'.

I mean, the package will be uploaded and maintained. But no talk
happened about what means having nftables in Debian.

I think the following points may be interesting:
 * in which state/shape is the nftables framework?
 * what about the iptables and the compat layer? The next upstream
release of iptables will, by default, use the nf_tables kernel
subsystem.
 * what about a standard firewall service (like other distros do).
iptables also lacks of it.
 * Some bugs happened in the Debian kernel package, and the kernel
currently in Jessie comes without nf_tables enabled [0].

Thanks for your interest Frank.

I would like to hear suggestions, comments and ideas.

regards.

[0]  #742763 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742763

-- 
Arturo Borrero González