
Re: default firewall utility changes for Debian 11 bullseye



On Tue, Jul 16, 2019 at 11:07:15AM +0200, Arturo Borrero Gonzalez wrote:
> Also, I believe the days of using a low level tool for directly configuring the
> firewall may be gone, at least for desktop use cases. It seems the industry more
> or less agreed on using firewalld [2] as a wrapper for the system firewall.
> There are plenty of system services that integrate with firewalld anyway [3].
> By the way, firewalld is using (or should be using) nftables by default at this
> point.

The current firewalld package in unstable depends on iptables, which
means that it does use nftables under the hood unless one fiddles with
alternatives.

apt-file search /usr/bin/firewalld suggests that at present, two
packages (freedombox and glusterfs-common) integrate with firewalld. For
comparison, 17 packages integrate with ufw.

Disclaimer: This is not an endorsement of ufw. I merely researched the
situation and am summarizing my findings.

Still I am drawing the conclusion that "the industry more or less agreed
on using firewalld" seems wrong to me.

If you want to make firewalld the desktop default, I encourage you to
look back at how apparmor was made the default. I remember that as a
very good process. You raise the issue at a very good time.

Helmut

