Bug#1038811: general: Unable to poweroff and suspend after upgrading to Debian 12 from Debian 11

Package: general Severity: important X-Debbugs-Cc: bete...@web.de Dear Maintainer, * What led up to the situation? After upgrading to Debian 12 bookworm from Debian 11 I couldn't shutdown or suspend anymore because of several components waiting indefinitely lik

Bug#1033149: general: debian 11 fails to hibernate when RAM usage above 7GB

Package: general Severity: important X-Debbugs-Cc: m6619...@gmail.com Dear Maintainer, * What led up to the situation? Fails to hibernate when RAM usage is above 7GB, despite having a swap of 30GB and total RAM of 16GB. * What exactly did you do (or not do) that was effe

Re: Debian 11 Bullseye Setup Problems Error Report

G'day admin4, I suggest you take this to the #debian IRC channel where you can hopefully drill down to the root cause of the problem. A mailing list like debian-devel is not really well suited to do back-and-forth debugging... *t On 23.09.21 12:08, admin4 wrote: GoodDay Mates, network conn

Re: Debian 11 Bullseye Setup Problems Error Report

GoodDay Mates, network connectivity dropping during package download is still there, it is a major problem, sometimes it works, sometimes not, this used to work very well. it will especially annoy new users, so this issue need to be debugged & fixed! will also write to SpaceX about it (if it has

Re: Debian 11 Bullseye Setup Problems Error Report

Paul Wise writes: > On Wed, Aug 18, 2021 at 10:42 AM admin4 wrote: > >> is there a Debian "testing" team? > > That is composed of everyone who uses Debian and especially those who > decide to report an issue they found. While that probably accounts for the bulk of the effort, there are also peo

Re: Debian 11 Bullseye Setup Problems Error Report

On Fri, Aug 20, 2021 at 10:15 PM Timothy M Butterworth wrote: > I give the installer a 5 star rating although I would like to see some > improvements made to the disk configuration utility. Currently the > disk configuration utility is non-intuitive and appears to be designed > for keyboard only n

Re: Debian 11 Bullseye Setup Problems Error Report

I have been using Debian 11 since Alpha 1 release. I installed with non-free live DVD using the calamaris installer. I have it installed on three systems one Intel Celeron, one Intel i5 and one AMD Ryzen 7. I give the installer a 5 star rating although I would like to see some improvements made

Re: Debian 11 Bullseye Setup Problems Error Report

Hello all valuable and constructive contributors :) 1) so thanks again for Debian it is just a lovely distro 2) forgot to mention: was using the net install ISOs for the test (hardware used server hp proliant g6 (amd64) (the raid is detected fine!)

Re: Debian 11 Bullseye Setup Problems Error Report

On Wed, Aug 18, 2021 at 10:42 AM admin4 wrote: > is there a Debian "testing" team? That is composed of everyone who uses Debian and especially those who decide to report an issue they found. > that does test setups of Debian ISOs on a bunch of different hardware with > priority on the most use

Re: Debian 11 Bullseye Setup Problems Error Report

On Wed, Aug 18, 2021 at 9:12 AM admin4 wrote: > cat feed.xml |nano # wohooo it works > > Too many errors from stdin You need to tell nano to load stdin: cat feed.xml | nano - > here we go admin4 into the spam database... for trying to report a problem > and improve a GNU Linux distribution. P

Re: Debian 11 Bullseye Setup Problems Error Report

Hello all, in short, * is there a Debian "testing" team?, that does test setups of Debian ISOs on a bunch of different hardware with priority on the most used CPUs like amd64 and i386, (free and non-free versions)), * before the ISOs spread across the world on all those nice download

Re: Debian 11 Bullseye Setup Problems Error Report

On Wed, Aug 18, 2021 at 12:25:58PM +0200, admin4 wrote: > Hello all, in short, > > * is there a Debian "testing" team?, that does test setups of Debian > ISOs on a bunch of different hardware with priority on the most used > CPUs like amd64 and i386, (free and non-free versions)), > *

Re: Debian 11 Bullseye Setup Problems Error Report

tant. after setup is complete yes, but during the setup / when doing a setup of Debian 11 iso via https://ftp.halifax.rwth-aachen.de/debian-cd/11.0.0/ <https://ftp.halifax.rwth-aachen.de/debian-cd/11.0.0/> during the setup neither less nor vi are available in the consoles (what gnu linux is

Re: Debian 11 Bullseye Setup Problems Error Report

On Wed, Aug 18, 2021 at 10:54:17AM +0200, admin4 wrote: > >> Q1: (question1): why is there nor vi nor less included in the setup? Both are included, less has Priority: standard, vim-tiny has Priority: important. > in theory yes... in reality try this: > > wget https://thesquareplanet.com/feed.xml

Re: Debian 11 Bullseye Setup Problems Error Report

Hello Paul, thanks for the timely reply. On 8/18/21 4:33 AM, Paul Wise wrote: > On Tue, Aug 17, 2021 at 10:39 AM admin4 wrote: > >> today was the day trying out the new Debian 11 with LTS (LTS is a reason for >> users consider switching to Ubuntu, so good choice there) >

Re: Debian 11 Bullseye Setup Problems Error Report

On Tue, Aug 17, 2021 at 10:39 AM admin4 wrote: > today was the day trying out the new Debian 11 with LTS (LTS is a reason for > users consider switching to Ubuntu, so good choice there) Debian 11/bullseye is not in LTS mode yet. Debian 10/buster will be in LTS mode in a year's time w

Debian 11 Bullseye Setup Problems Error Report

via OSX might be a good transition from Windows) today was the day trying out the new Debian 11 with LTS (LTS is a reason for users consider switching to Ubuntu, so good choice there) *2) the problems:* *E1: (error1) problem: Debian 11 won't install* *tested on:* o hp server g6 pro

Re: Debian 11, system.map, DKMS

>No normal kernel module requires tinkering with System.map. Kernel >modules use exported functions via normal linking and relocation. This >is what everyone uses. Understood. How does one make a function export request? >So if some module uses System.map, it wants to use not exported >function

Re: Debian 11, system.map, DKMS

not even compatible between different builds of the kernel. Sorry, but why should we support this? > Now, without that file in Debian 11, there is simply no way for my > DKMS-built module to find out the required function's address (unless I > install that gargantuan debug package). S

Debian 11, system.map, DKMS

Hello everyone, A DKMS-built kernel module that I have on my system relies on system.map. A build script for the module parses that file in order to figure out addresses of certain functions. Now, without that file in Debian 11, there is simply no way for my DKMS-built module to find out the

Re: Debian 11

On 14/07/2021 11:25, Pierre-Elliott Bécue wrote: Hi Paul, Paul Sutton writes: Hi I installed Debian 11 on my new hard disk yesterday in preparation for the release, everything went very smoothly, I did manage to skip selecting a mirror (error on my part) but adding that manually worked

Re: Debian 11

Hi Paul, Paul Sutton writes: > Hi > > I installed Debian 11 on my new hard disk yesterday in preparation for > the release, everything went very smoothly, I did manage to skip > selecting a mirror (error on my part) but adding that manually worked > fine after asking for

Debian 11

Hi I installed Debian 11 on my new hard disk yesterday in preparation for the release, everything went very smoothly, I did manage to skip selecting a mirror (error on my part) but adding that manually worked fine after asking for help on IRC. Also good learning point on adding items

DKMS packages and Debian 11, system.map

Hello everyone, A DKMS-built kernel module that I have on my system relies on system.map. A build script for the module parses that file in order to figure out addresses of certain functions. Now, without that file in Debian 11, there is simply no way for my DKMS-built module to find out the

Re: cron MAILTO/MAILFROM breakage: debian 11 Bullseye RC 1

On 17.06.21 21:13, Marc Haber wrote: Is there a bugreport for that? There is now. 990026. I marked it Serious because our system admins are seriously .-/ unhappy about the change: we have a whole lot of systems with cronjob entries that'd stop working more-or-less-silently. -- -- Matthias

Re: debian 11 Bullseye RC 1

Polyna-Maude Racicot-Summerside (2021-05-29): > You can also preseed the firmware or add them to your own system > afterward. We're considering documenting the following: sudo apt install isenkram-cli sudo isenkram-autoinstall-firmware sudo reboot Make sure to install isenkram-cli >

Re: cron MAILTO/MAILFROM breakage: debian 11 Bullseye RC 1

On 6/17/21 7:43 PM, Matthias Urlichs wrote: > Hi, > > apparently cron added a MAILFROM envvar. The same patch added a > whitelist of the range of permitted characters.. > > We're a bit unhappy about that because it breaks existing installations: > some ticketing / workflow systems use the destina

cron MAILTO/MAILFROM breakage: debian 11 Bullseye RC 1

Hi, apparently cron added a MAILFROM envvar. The same patch added a whitelist of the range of permitted characters.. We're a bit unhappy about that because it breaks existing installations: some ticketing / workflow systems use the destination address to set variables like severity or ticket

Re: cron MAILTO/MAILFROM breakage: debian 11 Bullseye RC 1

On Thu, 17 Jun 2021 19:43:14 +0200, Matthias Urlichs wrote: >apparently cron added a MAILFROM envvar. The same patch added a >whitelist of the range of permitted characters.. > >We're a bit unhappy about that because it breaks existing installations: >some ticketing / workflow systems use the de

Re: debian 11 Bullseye RC 1

I performed a clean install from https://cdimage.debian.org/images/unofficial/non-free/images-including-firmware/weekly-live-builds/amd64/iso-hybrid/ and now everything works. thanks Tim

Re: debian 11 Bullseye RC 1

Quoting John Scott (2021-05-30 00:55:04) > On Sat, 2021-05-29 at 23:26 +0500, Andrey Rahmatullin wrote: > > > On Sat, 2021-05-29 at 07:27 -0400, Timothy M Butterworth wrote: > > > > Can anyone suggest a WiFi USB adapter that works with debian? > > > > > > (Disclaimer: I'm the maintainer of the fir

Re: debian 11 Bullseye RC 1

On Sat, 2021-05-29 at 23:26 +0500, Andrey Rahmatullin wrote: > > On Sat, 2021-05-29 at 07:27 -0400, Timothy M Butterworth wrote: > > > Can anyone suggest a WiFi USB adapter that works with debian? > > > > (Disclaimer: I'm the maintainer of the firmware-ath9k-htc package, > > and ThinkPenguin, one

Re: debian 11 Bullseye RC 1

On Sat, May 29, 2021 at 07:27:48AM -0400, Timothy M Butterworth wrote: > I just successfully installed bullseye RC 1 on my Asus notebook model > X200CA. Everything is working. If you are looking for a notebook to > run Debian I highly recommend this model. > > I installed Bullseye RC 1 on my new H

Re: debian 11 Bullseye RC 1

On Sat, May 29, 2021 at 12:29:48PM +, John Scott wrote: > On Sat, 2021-05-29 at 07:27 -0400, Timothy M Butterworth wrote: > > Can anyone suggest a WiFi USB adapter that works with debian? > > (Disclaimer: I'm the maintainer of the firmware-ath9k-htc package, and > ThinkPenguin, one of the vend

Re: debian 11 Bullseye RC 1

Hi, On 2021-05-29 1:55 p.m., Timothy M Butterworth wrote: > On 5/29/21, Holger Wansing wrote: >> >> >> Am 29. Mai 2021 18:33:34 MESZ schrieb "Andrew M.A. Cater" >> : >>> Are you using the unoffcial non-free firmware .iso to install from? >>> >>> Are you installing firmware-amdgpu from the non-fre

Re: debian 11 Bullseye RC 1

On 5/29/21, Holger Wansing wrote: > > > Am 29. Mai 2021 18:33:34 MESZ schrieb "Andrew M.A. Cater" > : >>Are you using the unoffcial non-free firmware .iso to install from? >> >>Are you installing firmware-amdgpu from the non-free repository if not? > > Please note that there is no such package wit

Re: debian 11 Bullseye RC 1

Am 29. Mai 2021 18:33:34 MESZ schrieb "Andrew M.A. Cater" : >Are you using the unoffcial non-free firmware .iso to install from? > >Are you installing firmware-amdgpu from the non-free repository if not? Please note that there is no such package with name "firmware-amdgpu" ! (You have already b

Re: debian 11 Bullseye RC 1

... If you are looking for a laptop to run debian I do not > recommend this model. I have Debian 11 RC 1 running in a virtual > machine with VirtualBox and almost everything works. I am not able to > mount my USB drive formatted to EXT4 and SDDM locks up and is > unresponsive after

Re: debian 11 Bullseye RC 1

On Sat, 2021-05-29 at 07:27 -0400, Timothy M Butterworth wrote: > Can anyone suggest a WiFi USB adapter that works with debian? (Disclaimer: I'm the maintainer of the firmware-ath9k-htc package, and ThinkPenguin, one of the vendors, has compensated me for my work.) I suggest getting a wireless ad

debian 11 Bullseye RC 1

integrated graphics don't work. The WiFi does not work needs kernel 5.12. The bluetooth does not work needs kernel 5.12. For now it will have to stay on Windows... Boo If you are looking for a laptop to run debian I do not recommend this model. I have Debian 11 RC 1 running in a virtual ma

Re: [Artwork] Survey for the default artwork for Bullseye (Debian 11)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, 2020-10-26 at 16:18 +0200, Jonathan Carter (highvoltage) wrote: > To vote for your favourite theme, visit the following website and click > on the "Bullseye Artwork Survey" button. From there, you can rank your > choices from the available op

[Artwork] Survey for the default artwork for Bullseye (Debian 11)

Hello Debianites o/ Freeze is coming, and it's that time of the development cycle to choose the desktop artwork to be used in the next Debian release. All the fine submissions can be perused at: https://wiki.debian.org/DebianDesktop/Artwork/Bullseye Thank you to everyone who have put work into

[Artwork] Survey for the default artwork for Bullseye (Debian 11)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello Debianites o/ Freeze is coming, and it's that time of the development cycle to choose the desktop artwork to be used in the next Debian release. All the fine submissions can be perused at: https://wiki.debian.org/DebianDesktop/Artwork/Bullse

Re: default firewall utility changes for Debian 11 bullseye

On 2019-12-19 12:29:59, Roberto C. Sánchez wrote: > Hi Arturo! > > I know that this discussion took place some months ago, but I am just > now getting around to catching up on some old threads :-) Same here :) > On Tue, Jul 30, 2019 at 01:52:30PM +0200, Arturo Borrero Gonzalez wrote: > > > 2) in

Re: default firewall utility changes for Debian 11 bullseye

Hi Wookey, Am Mittwoch, 31. Juli 2019 schrieb Wookey: > On 2019-07-16 11:57 +0200, Raphael Hertzog wrote: > > > > What would/should Debian recommend to configure the firewall on the server > > case ? > > > > I was recommending creating firewall rules with fwbuilder up to now (see > > https://deb

Re: default firewall utility changes for Debian 11 bullseye

>> This email contains 2 changes/proposals for Debian 11 bullseye: > >> > >> 1) switch priority values for iptables/nftables, i.e, make nftables > >Priority: > >> important and iptables Priority: optional > >> > > > >Nobody seems to

Re: default firewall utility changes for Debian 11 bullseye

On 7/16/19 11:07 AM, Arturo Borrero Gonzalez wrote: > For the next release cycle I propose we move this default event further. > As of this email, iptables [0] is Priority: important and nftables [1] is > Priority: optional in both buster and bullseye. The important value means the > package gets i

Re: default firewall utility changes for Debian 11 bullseye

On 7/31/19 7:56 AM, Aron Xu wrote: > be useful for a "standard" server installation with graphic desktop, If we really start to provide that, we should better rename the project to SAPian or SUSian or something like that... -- Bernd ZeimetzDebian GNU/Linux Developer

Re: default firewall utility changes for Debian 11 bullseye

11:07 AM, Arturo Borrero Gonzalez wrote: > > > > This email contains 2 changes/proposals for Debian 11 bullseye: > > > > 1) switch priority values for iptables/nftables, i.e, make nftables > > Priority: > > important and iptables Priority: optional > > >

Re: default firewall utility changes for Debian 11 bullseye

On August 1, 2019 10:42:37 AM UTC, Arturo Borrero Gonzalez wrote: >On 7/31/19 7:20 AM, Adam Borowski wrote: >> A port blocker just sabotages user's requests, requiring every >configuration >> action to be done twice. >> > >Perhaps you are mixing shipping a software by default vs having a >def

Re: default firewall utility changes for Debian 11 bullseye

On 7/31/19 7:20 AM, Adam Borowski wrote: > A port blocker just sabotages user's requests, requiring every configuration > action to be done twice. > Perhaps you are mixing shipping a software by default vs having a default blocking firewall ruleset in the system. Moreover, you are assuming a defa

Re: default firewall utility changes for Debian 11 bullseye

On Aug 01, Aron Xu wrote: > If there is no pre-installed firewall application in a standard/full > installation (which does not exist for us theoretically), Debian could > be easily marked as missing feature in some enterprise IT evalutation, [citation needed] Even if this were true I do no thin

Re: default firewall utility changes for Debian 11 bullseye

[dropping individuals as recipients] Quoting Sunil Mohan Adapa (2019-07-31 17:46:44) > On 31/07/19 7:46 am, Wookey wrote: > [...] > > > > What is the modern equivalent of 'ipmasq'? I still miss this tool on > > a regular basis and loved what it did. I have not found a > > replacement and foreve

Re: default firewall utility changes for Debian 11 bullseye

On Wed, Jul 31, 2019 at 11:10 PM Marco d'Itri wrote: > > On Jul 31, Aron Xu wrote: > > > utility (for instance, firewalld) for certain use cases, i.e. it could > > be useful for a "standard" server installation with graphic desktop, > > for which we could expect most users choosing this method wo

Re: default firewall utility changes for Debian 11 bullseye

On 16/07/19 2:07 am, Arturo Borrero Gonzalez wrote: [...] > 2) introduce firewalld as the default firewalling wrapper in Debian, at least > in > desktop related tasksel tasks. > firewalld is a reasonable choice. We setup and manage firewalld automatically in FreedomBox. - firewalld has simple w

Re: default firewall utility changes for Debian 11 bullseye

On 31/07/19 7:46 am, Wookey wrote: [...] > > What is the modern equivalent of 'ipmasq'? I still miss this tool on a > regular basis and loved what it did. I have not found a replacement > and forever end up looking up runes on the net and doing it by hand > with iptables. ('it' being setting up my

Re: default firewall utility changes for Debian 11 bullseye

On Wed, 31 Jul 2019 at 15:46:39 +0100, Wookey wrote: > What is the modern equivalent of 'ipmasq'? I still miss this tool on a > regular basis and loved what it did. I have not found a replacement > and forever end up looking up runes on the net and doing it by hand > with iptables. ('it' being sett

Re: default firewall utility changes for Debian 11 bullseye

On Jul 31, Aron Xu wrote: > utility (for instance, firewalld) for certain use cases, i.e. it could > be useful for a "standard" server installation with graphic desktop, > for which we could expect most users choosing this method would like > to have advanced firewalling as an enterprise feature

Re: default firewall utility changes for Debian 11 bullseye

On Jul 31, Scott Kitterman wrote: > Please don't install one by default. I suspect it will cause more > trouble for end users than it's worth. Making sure our default > install is severely limited in what ports it listens to is likely more > broadly useful and less risky. Agreed. Default-den

Re: default firewall utility changes for Debian 11 bullseye

On 2019-07-16 11:57 +0200, Raphael Hertzog wrote: > > What would/should Debian recommend to configure the firewall on the server > case ? > > I was recommending creating firewall rules with fwbuilder up to now (see > https://debian-handbook.info/browse/stable/sect.firewall-packet-filtering.html)

Re: default firewall utility changes for Debian 11 bullseye

On Wed, 31 Jul 2019, Adam Borowski wrote: A network firewall is useful. But why would someone want a _host_ firewall for on any sane operating system? If a daemon is not supposed to listen on Are libvirt and network-manager using firewalld to setup network sharing and virtual networks? Or do

Re: default firewall utility changes for Debian 11 bullseye

On Wed, Jul 31, 2019 at 12:27 PM Scott Kitterman wrote: > > Please don't install one by default. I suspect it will cause more trouble > for end users than it's worth. Making sure our default install is severely > limited in what ports it listens to is likely more broadly useful and less > ris

Re: default firewall utility changes for Debian 11 bullseye

On Wed, Jul 31, 2019 at 04:27:24AM +, Scott Kitterman wrote: > On July 30, 2019 11:52:30 AM UTC, Arturo Borrero Gonzalez > wrote: > >On 7/16/19 11:07 AM, Arturo Borrero Gonzalez wrote: > >> 2) introduce firewalld as the default firewalling wrapper in Debian, > >> at least in desktop related t

Re: default firewall utility changes for Debian 11 bullseye

On July 30, 2019 11:52:30 AM UTC, Arturo Borrero Gonzalez wrote: >Ok, after a couple of weeks, lets try to summarize: > >On 7/16/19 11:07 AM, Arturo Borrero Gonzalez wrote: >> >> This email contains 2 changes/proposals for Debian 11 bullseye: >> >> 1) sw

Re: default firewall utility changes for Debian 11 bullseye

On Di, Jul 30, 2019 at 01:52:30 +0200, Arturo Borrero Gonzalez wrote: Ok, after a couple of weeks, lets try to summarize: 1) switch priority values for iptables/nftables, i.e, make nftables Priority: important and iptables Priority: optional Nobody seems to disagree with this point. So I wil

Re: default firewall utility changes for Debian 11 bullseye

Ok, after a couple of weeks, lets try to summarize: On 7/16/19 11:07 AM, Arturo Borrero Gonzalez wrote: > > This email contains 2 changes/proposals for Debian 11 bullseye: > > 1) switch priority values for iptables/nftables, i.e, make nftables Priority: > important and ip

Re: default firewall utility changes for Debian 11 bullseye

Hi Chris Am 18.07.19 um 04:07 schrieb Chris Lamb: > It also has a first-class Ansible module which (given a flood of > firewall options around when I needed to pick something in haste > around the time of the stretch release…) was actually the deciding > factor for me: > > https://docs.ansible.

Re: default firewall utility changes for Debian 11 bullseye

On Wed, 17 Jul 2019, Chris Lamb wrote: > Jamie Strandboge wrote: > > > Again, I'm biased, but ufw supports IPv6. It's also been on the default > > server > > and desktop install of Ubuntu for 9+ years. ufw functions well for bastion > > hosts, less so for routers (though it has some facility the

Re: default firewall utility changes for Debian 11 bullseye

Jamie Strandboge wrote: > Again, I'm biased, but ufw supports IPv6. It's also been on the default server > and desktop install of Ubuntu for 9+ years. ufw functions well for bastion > hosts, less so for routers (though it has some facility there). It also has a first-class Ansible module which (g

Re: default firewall utility changes for Debian 11 bullseye

On Wed, 17 Jul 2019, Jamie Strandboge wrote: > On Tue, 16 Jul 2019, Raphael Hertzog wrote: > > > > 2) introduce firewalld as the default firewalling wrapper in Debian, at > > > least in > > > desktop related tasksel tasks. > > > > No objection. I think it's high time we have some default firewa

Re: default firewall utility changes for Debian 11 bullseye

On Wed, 17 Jul 2019, Chris Lamb wrote: > Raphael Hertzog wrote: > > > The other desktop firewall that I know is "ufw" but it doesn't seem to > > have any momentum behind it. > > It is curious you mention a lack of momentum; in my experience, it is > the most commonly recommended firewall on vari

Re: default firewall utility changes for Debian 11 bullseye

On Tue, 16 Jul 2019, Ben Hutchings wrote: > On Tue, 2019-07-16 at 11:57 +0200, Raphael Hertzog wrote: > [...] > > The other desktop firewall that I know is "ufw" but it doesn't seem to > > have any momentum behind it. > > Also, while its syntax is obviously intended to be simple, it's quite > irr

Re: default firewall utility changes for Debian 11 bullseye

On Wed, 17 Jul 2019, Stephan Seitz wrote: > On Di, Jul 16, 2019 at 11:23:43 +0200, Guillem Jover wrote: > > On Tue, 2019-07-16 at 11:07:15 +0200, Arturo Borrero Gonzalez wrote: > > > as you may know, Debian 10 buster includes the iptables-nft utility by > > > default, which is an iptables flavor t

Re: default firewall utility changes for Debian 11 bullseye

On Tue, 16 Jul 2019, Raphael Hertzog wrote: > > 2) introduce firewalld as the default firewalling wrapper in Debian, at > > least in > > desktop related tasksel tasks. > > No objection. I think it's high time we have some default firewall > installed in particular with IPv6 getting more widely d

Re: default firewall utility changes for Debian 11 bullseye

2] as a wrapper for the system firewall. > There are plenty of system services that integrate with firewalld anyway [3]. > By the way, firewalld is using (or should be using) nftables by default at > this > point. > > This email contains 2 changes/proposals for Debian 11 bullsey

Re: default firewall utility changes for Debian 11 bullseye

On Jul 17, Paul Wise wrote: > To me, something like opensnitch seems like a better option for a > desktop firewall once it becomes more mature and enters Debian. This project is a "personal firewall", which is a quite different thing from what is being discussed here. -- ciao, Marco signatur

Re: default firewall utility changes for Debian 11 bullseye

On Wed, Jul 17, 2019 at 7:05 PM Helmut Grohne wrote: > If you want to make firewalld the desktop default To me, something like opensnitch seems like a better option for a desktop firewall once it becomes more mature and enters Debian. https://github.com/evilsocket/opensnitch/ https://bugs.debian

Re: default firewall utility changes for Debian 11 bullseye

Raphael Hertzog wrote: > The other desktop firewall that I know is "ufw" but it doesn't seem to > have any momentum behind it. It is curious you mention a lack of momentum; in my experience, it is the most commonly recommended firewall on various support-adjacent sites around the internet. (Perha

Re: default firewall utility changes for Debian 11 bullseye

On Mi, Jul 17, 2019 at 12:32:31 +0100, Thomas Pircher wrote: # iptables-translate -A INPUT -s 1.2.3.4 -p tcp --dport 587 -j DROP nft add rule ip filter INPUT ip saddr 1.2.3.4 tcp dport 587 counter drop Ah, thank you very much! Stephan -- | Public Keys: http://fsing.rootsland.net/~sts

Re: default firewall utility changes for Debian 11 bullseye

Stephan Seitz wrote: > What would be the replacement for a simple single line like > iptables -I INPUT -j DROP -s -p tcp –dport 587 ? You can use the iptables-translate. It is not foolproof and does not always git the best results, but it can give you a good starting point for your optimisations

Re: default firewall utility changes for Debian 11 bullseye

Am 17.07.19 um 13:16 schrieb Michael Biebl: > Am 17.07.19 um 13:04 schrieb Helmut Grohne: >> On Tue, Jul 16, 2019 at 11:07:15AM +0200, Arturo Borrero Gonzalez wrote: >>> Also, I believe the days of using a low level tool for directly configuring >>> the >>> firewall may be gone, at least for deskt

Re: default firewall utility changes for Debian 11 bullseye

On Di, Jul 16, 2019 at 11:23:43 +0200, Guillem Jover wrote: On Tue, 2019-07-16 at 11:07:15 +0200, Arturo Borrero Gonzalez wrote: as you may know, Debian 10 buster includes the iptables-nft utility by default, which is an iptables flavor that uses the nf_tables kernel subsystem. Is intended to he

Re: default firewall utility changes for Debian 11 bullseye

Am 17.07.19 um 13:04 schrieb Helmut Grohne: > On Tue, Jul 16, 2019 at 11:07:15AM +0200, Arturo Borrero Gonzalez wrote: >> Also, I believe the days of using a low level tool for directly configuring >> the >> firewall may be gone, at least for desktop use cases. It seems the industry >> more >> or

Re: default firewall utility changes for Debian 11 bullseye

On Tue, Jul 16, 2019 at 11:07:15AM +0200, Arturo Borrero Gonzalez wrote: > Also, I believe the days of using a low level tool for directly configuring > the > firewall may be gone, at least for desktop use cases. It seems the industry > more > or less agreed on using firewalld [2] as a wrapper fo

Re: default firewall utility changes for Debian 11 bullseye

On Tue, 2019-07-16 at 11:57 +0200, Raphael Hertzog wrote: [...] > The other desktop firewall that I know is "ufw" but it doesn't seem to > have any momentum behind it. Also, while its syntax is obviously intended to be simple, it's quite irregular and the syntax error messages aren't very helpful.

Re: default firewall utility changes for Debian 11 bullseye

On 7/16/19 11:57 AM, Raphael Hertzog wrote: > Hi, > > I'm replying to your questions but I have also other questions related to > this fresh transition... > > On Tue, 16 Jul 2019, Arturo Borrero Gonzalez wrote: >> as you may know, Debian 10 buster includes the iptables-nft utility by >> default,

Re: default firewall utility changes for Debian 11 bullseye

ecent release and still hasn't native nftables support (https://github.com/fwbuilder/fwbuilder/issues/17). > This email contains 2 changes/proposals for Debian 11 bullseye: > > 1) switch priority values for iptables/nftables, i.e, make nftables Priority: > important and iptables

Re: default firewall utility changes for Debian 11 bullseye

es. Yeah, this was a great way to migrate, thanks! > This email contains 2 changes/proposals for Debian 11 bullseye: > > 1) switch priority values for iptables/nftables, i.e, make nftables Priority: > important and iptables Priority: optional Ack. We should really be moving towards

default firewall utility changes for Debian 11 bullseye

this point. This email contains 2 changes/proposals for Debian 11 bullseye: 1) switch priority values for iptables/nftables, i.e, make nftables Priority: important and iptables Priority: optional 2) introduce firewalld as the default firewalling wrapper in Debian, at least in desktop related

Re: Suite name for security updates changing with Debian 11 "bullseye"

Hi Ansgar, Ansgar Burchardt ezt írta (időpont: 2019. júl. 11., Cs, 22:02): > > Hi, > > over the last years we had people getting confused over -updates > (recommended updates) and /updates (security updates). Starting > with Debian 11 "bullseye" we have therefore