Bonno Bloksma wrote:
...
> Why, now that we are at bookworm, is the nftables service not enabled by
> default? With a default ruleset that pretty much leaves it all open but is a
> starting point.
> If we do not want that, then at least the default config should contain a
> warning about first enabling the service or scripting something to have it
> working (after a reboot).
>
> I think this is the first time I have come across something in Debian that
> after being installed by default does nothing, even when provided with a
> valid config file at the proper location.
> I consider that a bug.
>
> Here is something similar.
> Consider opening your door with a key. Every time you open the door with the
> key it opens. All is well, you bought the cylinder and key for the lock at a
> very good locksmith. You told him you had been installing cylinders in doors
> for years and you were able to insert this cylinder in the door.
> Until sometime later you find out the door never locks, it is always open,
> that is why you could always enter.
> It turns out you first need to enable the cylinder before it did something
> useful with the key provided.
> That was something completely new, you never heard of it before, neither do I
> though. ;-)
>
> Bonno Bloksma

not everyone wants a firewall installed on their system (non-desktop users or embedded systems being two examples that easily come to mind).

i think for most desktop installs there should be a minimal firewall installed but then you get into the issue of which one? personally i run ufw.

songbird