Re: is nft running? how do I get info?
Bonno Bloksma wrote:
...
> Why, now that we are at bookworm, is the nftables service not enabled by default? With a default ruleset that pretty much leaves it all open but is a starting point.
> If we do not want that, then at least the default config should contain a warning about first enabling the service or scripting something to have it working (after a reboot).
>
> I think this is the first time I have come across something in Debian that after being installed by default does nothing, even when provided with a valid config file at the proper location.
> I consider that a bug.
>
> Here is something similar.
> Consider opening your door with a key. Every time you open the door with the key it opens. All is well, you bought the cylinder and key for the lock at a very good locksmith. You told him you had been installing cylinders In doors for years and you were able to insert this cylinder in the door.
> Until sometime later you find out the door never locks, it is always open, that is why you could always enter.
> It turns out you first need to enable the cylinder before it did something useful with the key provided.
> That was something completely new, you never heard of it before, neither do I though. ;-)
>
> Bonno Bloksma
not everyone wants a firewall installed on their system
(non-desktop users or embedded systems being two examples
that easily come to mind).
i think for most desktop installs there should be a minimal
firewall installed but then you get into the issue of which one?
personally i run ufw.
songbird
Reply to: