Re: Nftables in jessie?
On 12 May 2014 14:56, Ben Hutchings <ben@decadent.org.uk> wrote:
>>
>> I think the following points may be interesting:
>> * in which state/shape is the nftables framework?
>> * what about the iptables and the compat layer? The next upstream
>> release of iptables will, by default, use the nf_tables kernel
>> subsystem.
>
> What about it? Is there a problem?
>
No, just pointing it out.
>> * what about a standard firewall service (like other distros do).
>> iptables also lacks it.
>
> I think there should be a standard host firewall that supports simple
> high-level configuration and is installed by default (whether it blocks
> anything would have to be a debconf question).
>
I think there is no easy (direct) choice.
The nftables syntax is kind of higher level than iptables. Readable
keywords vs classic switches.
> For firewall routers, I don't think we need to pick a default.
>
>> * Some bugs happened in the Debian kernel package, and the kernel
>> currently in Jessie comes without nf_tables enabled [0].
> [...]
>
> Well it's fixed in unstable and will be fixed in jessie RSN.
>
Ok, thanks.
--
Arturo Borrero González