Re: default firewall utility changes for Debian 11 bullseye
On Wed, 17 Jul 2019, Chris Lamb wrote:
> Jamie Strandboge wrote:
>
> > Again, I'm biased, but ufw supports IPv6. It's also been on the default server
> > and desktop install of Ubuntu for 9+ years. ufw functions well for bastion
> > hosts, less so for routers (though it has some facility there).
>
> It also has a first-class Ansible module which (given a flood of
> firewall options around when I needed to pick something in haste
> around the time of the stretch release…) was actually the deciding
> factor for me:
>
> https://docs.ansible.com/ansible/latest/modules/ufw_module.html
Oh, nice! I should probably collect the various projects that integrate with
ufw and list them somewhere... (I've added that to my todo).
Related, I have some improvements for fail2ban I've been meaning to upstream as
well that make it work a lot better, esp wrt IPv6.
On that note and to anyone participating in this thread or just coming across
it some time in the future, if there are things that would make ufw better in
Debian (particularly wrt bastion use cases), I'm happy to make improvements
regardless of if it is a candidate as the default or not (please file bugs :).
--
Email: jamie@strandboge.com
IRC: jdstrand
Reply to: