
Re: default firewall utility changes for Debian 11 bullseye



On 16/07/19 2:07 am, Arturo Borrero Gonzalez wrote:
[...]
> 2) introduce firewalld as the default firewalling wrapper in Debian, at least in
> desktop related tasksel tasks.
> 

firewalld is a reasonable choice. We set up and manage firewalld
automatically in FreedomBox.

- firewalld has simple ways for adding exceptions to ports and services.
Many service definitions explain to the user what the ports in the
service are useful for. Packages can bring in their own service definitions.

- firewalld works alright in many scenarios for servers with multiple
network interfaces because of zones.

- Network Manager has a 'Zone' property that directly corresponds to
firewalld zone. When Network Manager brings up an interface, it is
assigned to the configured firewalld zone.

- firewalld has a DBus interface that allows querying the current status
of the firewall more simply than parsing command line output.

- firewalld is a live daemon that adds and removes rules as we interact
with it via command line or DBus interface and does not need
'restarting' like some firewall wrappers. Restarting would flush all
firewalls and add them back again. At least for some of the firewall
scripts, this operation is not atomic.

- It supports dealing with custom rules using 'direct' rules.

-- 
Sunil
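
Added example, not part of the message above and not FreedomBox or firewalld code: a small reviewer for the service definitions mentioned in the first point, listing the ports a package-supplied definition would open and flagging definitions that do not explain themselves. The sample XML, the function names and the `max_range` threshold are constructed for illustration; the element and attribute names follow the firewalld service file format.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the firewalld service-definition format
# (the kind of file a package could ship as its own service).
SAMPLE_SERVICE = """<service>
  <short>Example Sync</short>
  <description>Constructed example: file sync daemon with a web UI.</description>
  <port protocol="tcp" port="8384"/>
  <port protocol="tcp" port="22000-22010"/>
  <port protocol="udp" port="21027"/>
</service>"""


def parse_port_spec(spec):
    """Return (low, high) for a single port '22' or a range '22000-22010'."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return low, high


def summarize_service(xml_text, max_range=100):
    """List what a service definition opens and note review findings."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    ports, warnings = [], []
    for el in root.findall("port"):
        proto, spec = el.get("protocol", ""), el.get("port", "")
        if not spec:  # an empty port attribute matches the whole protocol
            warnings.append(f"{proto}: matches every port of the protocol")
            continue
        low, high = parse_port_spec(spec)
        ports.append((proto, low, high))
        if high - low + 1 > max_range:
            warnings.append(f"{proto} {low}-{high}: range wider than {max_range}")
    description = (root.findtext("description") or "").strip()
    if not description:
        warnings.append("no description: user cannot tell what the ports are for")
    return {"short": (root.findtext("short") or "").strip(),
            "description": description, "ports": ports, "warnings": warnings}


if __name__ == "__main__":
    print(summarize_service(SAMPLE_SERVICE))
```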

