On 16/07/19 2:07 am, Arturo Borrero Gonzalez wrote:
[...]
> 2) introduce firewalld as the default firewalling wrapper in Debian, at least
> in desktop related tasksel tasks.
>
firewalld is a reasonable choice. We set up and manage firewalld automatically in FreedomBox.

- firewalld has simple ways for adding exceptions for ports and services. Many service definitions explain to the user what the ports in the service are useful for. Packages can bring in their own service definitions.

- firewalld works alright in many scenarios for servers with multiple network interfaces because of zones.

- Network Manager has a 'Zone' property that directly corresponds to a firewalld zone. When Network Manager brings up an interface, it is assigned to the configured firewalld zone.

- firewalld has a DBus interface that allows querying the current status of the firewall more simply than parsing command line output.

- firewalld is a live daemon that adds and removes rules as we interact with it via the command line or DBus interface and does not need 'restarting' like some firewall wrappers. Restarting would flush all firewall rules and add them back again. At least for some of the firewall scripts, this operation is not atomic.

- It supports dealing with custom rules using 'direct' rules.

--
Sunil
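The "packages can bring in their own service definitions" point above refers to firewalld's service XML files (shipped by packages under /usr/lib/firewalld/services/, or written by an admin under /etc/firewalld/services/). The following is an added example, not code from the thread or from FreedomBox: it builds such a definition for a hypothetical service named "example-web-admin" on a constructed port, validates a definition read back from XML so that a malformed file cannot silently open the wrong ports, and emits the firewall-cmd invocations that load it and open it in one zone only. The service name, port and zone are assumptions chosen for the example.

```python
"""Build, validate and install a firewalld service definition (added example)."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed values for this example; not a real Debian package or service.
SERVICE_NAME = "example-web-admin"
SERVICE_PORTS = [("tcp", "8443")]
VALID_PROTOCOLS = ("tcp", "udp", "sctp", "dccp")


def _check_port(spec: str) -> None:
    """Accept a single port ('8443') or a range ('8000-8010') within 1..65535."""
    lo, _, hi = spec.partition("-")
    hi = hi or lo
    if not (lo.isdigit() and hi.isdigit()):
        raise ValueError(f"non-numeric port spec: {spec!r}")
    if not (1 <= int(lo) <= int(hi) <= 65535):
        raise ValueError(f"port spec out of range: {spec!r}")


@dataclass
class FirewalldService:
    name: str
    short: str
    description: str
    ports: List[Tuple[str, str]] = field(default_factory=list)

    def to_xml(self) -> str:
        """Serialise in the layout firewalld expects for a service file."""
        root = ET.Element("service")
        ET.SubElement(root, "short").text = self.short
        ET.SubElement(root, "description").text = self.description
        for proto, port in self.ports:
            ET.SubElement(root, "port", protocol=proto, port=port)
        return ('<?xml version="1.0" encoding="utf-8"?>\n'
                + ET.tostring(root, encoding="unicode"))

    @classmethod
    def from_xml(cls, name: str, text: str) -> "FirewalldService":
        """Parse a service file, rejecting anything that is not a sane port list.

        A definition that fails here must not be installed: an unexpected
        protocol or an out-of-range port would widen the exposed surface.
        """
        root = ET.fromstring(text.encode("utf-8"))
        if root.tag != "service":
            raise ValueError(f"root element is {root.tag!r}, expected 'service'")
        ports = []
        for elem in root.findall("port"):
            proto, port = elem.get("protocol"), elem.get("port")
            if proto not in VALID_PROTOCOLS:
                raise ValueError(f"unsupported protocol: {proto!r}")
            if port is None:
                raise ValueError("port element without a port attribute")
            _check_port(port)
            ports.append((proto, port))
        if not ports:
            raise ValueError("service definition opens no ports")
        return cls(name, root.findtext("short", ""),
                   root.findtext("description", ""), ports)


def install_commands(service: FirewalldService, xml_path: str, zone: str) -> List[str]:
    """Commands that register the definition and enable it in a single zone.

    Changes are made permanent first and then applied with --reload, which is
    the live-daemon behaviour the thread describes: rules are added without
    flushing the whole rule set.
    """
    return [
        f"firewall-cmd --permanent --new-service-from-file={xml_path} --name={service.name}",
        f"firewall-cmd --permanent --zone={zone} --add-service={service.name}",
        "firewall-cmd --reload",
        f"firewall-cmd --info-service={service.name}",  # shows the description to the user
    ]


def build_example() -> FirewalldService:
    return FirewalldService(
        name=SERVICE_NAME,
        short="Example web admin",
        description="Hypothetical HTTPS administration interface (example only).",
        ports=SERVICE_PORTS,
    )


if __name__ == "__main__":
    svc = build_example()
    xml_text = svc.to_xml()
    print(xml_text)
    parsed = FirewalldService.from_xml(SERVICE_NAME, xml_text)
    for cmd in install_commands(parsed, f"/etc/firewalld/services/{SERVICE_NAME}.xml", "public"):
        print(cmd)
```

The round trip through from_xml() is deliberate: a maintainer script should validate the file it is about to hand to firewalld rather than trust that it was written correctly, and the zone argument keeps the new service confined to the interfaces that Network Manager has placed in that zone.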