On Mon, Oct 29, 2018 at 01:39:46PM -0700, Tom Eastep wrote:
> On 10/29/18 11:04 AM, Vincas Dargis wrote:
> > On 2018-10-24 23:34, Tom Eastep wrote:
> >> On 10/24/18 9:18 AM, Vincas Dargis wrote:
> >>> What does that mean with regards to Shorewall? Could there potentially
> >>> be incompatibilities on how Shorewall expects Linux firewall to behave?
> >>
> >> There could certainly be incompatibilities that affect Shorewall and/or
> >> Shorewall6.
> >
> > Any plans to handle this issue? Maybe worth documenting/noting that
> > Debian Buster users are encouraged to use `update-alternatives` system
> > for enabling "old" backend?
> >
> > Or this should be handled by package maintainers?
>
> My opinion is that we should address issues as they arise after this
> iptables change migrates to testing. nf_tables is the direction in which
> the Netfilter team are going, and if we immediately direct users to
> switch to the old backend, we only delay resolution of compatibility
> issues. Eventually, the old backend will go away, so we want all known
> issues with the new backend to be resolved by that time.
>
> I've copied the Debian Shorewall Maintainer for his input.
>

Tom,

I agree with your approach. The release team made an announcement last
month detailing the timeline for the Buster release:

https://lists.debian.org/debian-devel-announce/2018/09/msg00004.html

The transition freeze does not affect Shorewall, so the date by which we
would need to target a final set of Shorewall packages for Buster would
be February 12th. Of course, sooner is better as it allows time for bugs
to be discovered by users, reported, and fixed.

I have been quite busy with school and work this semester, but once
final exams are over I should have some time to be able to get back to
Shorewall packaging. I also have not messed with Buster at all, but I
can plan to set up a VM for testing as we sort out what changes need to
be made in the packaging.

If we encounter some unsolvable problem, it would seem we would need to
decide between requesting removal of Shorewall from the Buster release
(I would much prefer to avoid that) or to document the fallback to the
old backend. Either way, a package that works with the new backend would
be the ideal solution.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
