On Tue, Jul 16, 2019 at 11:07:15AM +0200, Arturo Borrero Gonzalez wrote:
> Also, I believe the days of using a low level tool for directly configuring the
> firewall may be gone, at least for desktop use cases. It seems the industry more
> or less agreed on using firewalld [2] as a wrapper for the system firewall.
> There are plenty of system services that integrate with firewalld anyway [3].
> By the way, firewalld is using (or should be using) nftables by default at this
> point.

The current firewalld package in unstable depends on iptables, which means that it does use nftables under the hood unless one fiddles with alternatives.

apt-file search /usr/bin/firewalld suggests that at present, two packages (freedombox and glusterfs-common) integrate with firewalld. For comparison, 17 packages integrate with ufw.

Disclaimer: This is not an endorsement of ufw. I merely researched the situation and am summarizing my findings. Still, I am drawing the conclusion that "the industry more or less agreed on using firewalld" seems wrong to me.

If you want to make firewalld the desktop default, I encourage you to look back at how apparmor was made the default. I remember that as a very good process. You raise the issue at a very good time.

Helmut