
Re: default firewall utility changes for Debian 11 bullseye



Ok, after a couple of weeks, let's try to summarize:

On 7/16/19 11:07 AM, Arturo Borrero Gonzalez wrote:
> 
> This email contains 2 changes/proposals for Debian 11 bullseye:
> 
> 1) switch priority values for iptables/nftables, i.e., make nftables Priority:
> important and iptables Priority: optional
> 

Nobody seems to disagree with this point. So I will be doing this soon.

> 2) introduce firewalld as the default firewalling wrapper in Debian, at least in
> desktop related tasksel tasks.
> 

There are some mixed feelings about this. However I couldn't find any strong
opinion against either.

What I would do regarding this is (just a suggestion):
* raise priority of firewalld
* document in-wiki what defaults are, and how to move away from them
* include some documentation bits in other firewalling wrappers on how to deal
with this default, i.e. what needs to be changed in the system for ufw to work
without interference (disable firewalld?)

I don't maintain/control firewalld/ufw so I can't do these changes myself and
will leave it to Cyril/Michael/Jaime to handle the situation for new bullseye installs
as they see fit.

