Hi,

On Wednesday, 31 July 2019, Scott Kitterman wrote:
>
> On July 30, 2019 11:52:30 AM UTC, Arturo Borrero Gonzalez <art...@debian.org> wrote:
> >Ok, after a couple of weeks, let's try to summarize:
> >
> >On 7/16/19 11:07 AM, Arturo Borrero Gonzalez wrote:
> >>
> >> This email contains 2 changes/proposals for Debian 11 bullseye:
> >>
> >> 1) switch priority values for iptables/nftables, i.e., make nftables Priority: important and iptables Priority: optional
> >>
> >
> >Nobody seems to disagree with this point. So I will be doing this soon.
> >
> >> 2) introduce firewalld as the default firewalling wrapper in Debian, at least in desktop related tasksel tasks.
> >>
> >
> >There are some mixed feelings about this. However I couldn't find any strong opinion against either.
> >
> >What I would do regarding this is (just a suggestion):
> >* raise priority of firewalld
> >* document in-wiki what defaults are, and how to move away from them
> >* include some documentation bits in other firewalling wrappers on how to deal with this default, i.e. what needs to be changed in the system for ufw to work without interferences (disable firewalld?)
> >
> >I don't maintain/control firewalld/ufw so I can't do these changes myself and will leave to Cyril/Michael/Jaime handle the situation for new bullseye install as they see fit.
>
> Please don't install one by default. I suspect it will cause more trouble for end users than it's worth. Making sure our default install is severely limited in what ports it listens to is likely more broadly useful and less risky.
>
Also chiming in on the no-firewall-by-default tune...

Mike

--
Sent from my Fairphone2 (powered by Sailfish OS).