On 12 May 2014 14:56, Ben Hutchings <b...@decadent.org.uk> wrote:
>>
>> I think the following points may be interesting:
>> * in which state/shape is the nftables framework?
>> * what about the iptables and the compat layer? The next upstream
>> release of iptables will, by default, use the nf_tables kernel
>> subsystem.
>
> What about it? Is there a problem?
>

No, just pointing it out.

>> * what about a standard firewall service (like other distros do).
>> iptables also lacks it.
>
> I think there should be a standard host firewall that supports simple
> high-level configuration and is installed by default (whether it blocks
> anything would have to be a debconf question).
>

I think there is no easy (direct) choice.
The nftables syntax is kind of higher level than iptables. Readable keywords vs classic switches.

> For firewall routers, I don't think we need to pick a default.
>
>> * Some bugs happened in the Debian kernel package, and the kernel
>> currently in Jessie comes without nf_tables enabled [0].
> [...]
>
> Well it's fixed in unstable and will be fixed in jessie RSN.
>

Ok, thanks.

--
Arturo Borrero González