
Re: default firewall utility changes for Debian 11 bullseye



Hi!

On Tue, 2019-07-16 at 11:07:15 +0200, Arturo Borrero Gonzalez wrote:
> as you may know, Debian 10 buster includes the iptables-nft utility by
> default, which is an iptables flavor that uses the nf_tables kernel
> subsystem. It is intended to help people migrate from iptables to nftables.

Yeah, this was a great way to migrate, thanks!

> This email contains 2 changes/proposals for Debian 11 bullseye:
> 
> 1) switch priority values for iptables/nftables, i.e., make nftables Priority:
> important and iptables Priority: optional

Ack. We should really be moving towards nftables, which is so much
better in any possible way. I think doing this early would be good
so that we can find any remaining issues (at least in documentation)
about migrating from iptables to nftables.

As mentioned elsewhere, while you can do the change in the packages
you maintain, you'll still need to file an override change request
against ftp.debian.org so that this gets actually modified. :)

> 2) introduce firewalld as the default firewalling wrapper in Debian,
> at least in desktop related tasksel tasks.

I've never used this nor do I use a traditional desktop, so have no
opinion on it, and I'm not sure I care deeply TBH. :)

Thanks,
Guillem

