
Re: default firewall utility changes for Debian 11 bullseye



Hi,

On Wednesday, 31 July 2019, Scott Kitterman wrote:
> 
> 
> On July 30, 2019 11:52:30 AM UTC, Arturo Borrero Gonzalez <arturo@debian.org> wrote:
> >Ok, after a couple of weeks, let's try to summarize:
> >
> >On 7/16/19 11:07 AM, Arturo Borrero Gonzalez wrote:
> >> 
> >> This email contains 2 changes/proposals for Debian 11 bullseye:
> >> 
> >> 1) switch priority values for iptables/nftables, i.e., make nftables Priority:
> >> important and iptables Priority: optional
> >> 
> >
> >Nobody seems to disagree with this point. So I will be doing this soon.
> >
> >> 2) introduce firewalld as the default firewalling wrapper in Debian, at least in
> >> desktop related tasksel tasks.
> >> 
> >
> >There are some mixed feelings about this. However I couldn't find any strong
> >opinion against either.
> >
> >What I would do regarding this is (just a suggestion):
> >* raise priority of firewalld
> >* document in-wiki what defaults are, and how to move away from them
> >* include some documentation bits in other firewalling wrappers on how to deal
> >with this default, i.e. what needs to be changed in the system for ufw to work
> >without interferences (disable firewalld?)
> >
> >I don't maintain/control firewalld/ufw so I can't do these changes myself and
> >will leave to Cyril/Michael/Jaime handle the situation for new bullseye install
> >as they see fit.
> 
> Please don't install one by default.  I suspect it will cause more trouble for end users than it's worth.  Making sure our default install is severely limited in what ports it listens to is likely more broadly useful and less risky.
> 

Also chiming in on the no-firewall-by-default tune...

Mike 

-- 
Sent from my Fairphone2 (powered by Sailfish OS).
