On Fri, 2014-05-09 at 09:18 +0200, Arturo Borrero Gonzalez wrote:
> On 8 May 2014 19:16, Frank Bauer <frank.c.bauer@gmail.com> wrote:
> > Hi,
> >
> > Jessie currently contains linux 3.13, which includes the successor of
> > iptables - nftables.
> > Unfortunately, the userspace tools (nftables) are still missing even in
> > sid/experimental.
> >
>
> As Vincent Bernat said, is in NEW. Has been in NEW for a month or so.
>
> > Is there a general plan to support nftables in jessie? As the release
> > managers reminded us recently, the freeze will be here in no time.
> > I believe it is essential for users to be able to test this new
> > technology in jessie before fully switching to it in jessie+1.
> >
>
> Unfortunately, there isn't a 'general plan'.
>
> I mean, the package will be uploaded and maintained. But no talk
> happened about what means having nftables in Debian.
>
> I think the following points may be interesting:
> * in which state/shape is the nftables framework?
> * what about the iptables and the compat layer? The next upstream
>   release of iptables will, by default, use the nf_tables kernel
>   subsystem. What about it? Is there a problem?
> * what about a standard firewall service (like other distros do).
>   iptables also lacks of it.

I think there should be a standard host firewall that supports simple
high-level configuration and is installed by default (whether it blocks
anything would have to be a debconf question). For firewall routers, I
don't think we need to pick a default.

> * Some bugs happened in the Debian kernel package, and the kernel
>   currently in Jessie comes without nf_tables enabled [0].
[...]

Well it's fixed in unstable and will be fixed in jessie RSN.

Ben.

-- 
Ben Hutchings
Knowledge is power. France is bacon.