
registry team mailing list archive

[Bug 622431] Re: iptables rules are not saved across reboots

 

ufw already has an upstart script and ufw is installed by default in
Ubuntu as a Recommends of ubuntu-standard and therefore a part of all
Ubuntu server installations. ufw can be used either via its cli command
(man ufw), its framework (man ufw-framework) or a combination of both.
People wanting to have a highly customized firewall can simply use
/etc/ufw/*.rules and ignore the cli command completely (/etc/ufw/*rules
use standard iptables-restore syntax and take care of all the heavy
lifting of boot integration like making sure it is started before an
interface comes up, etc, etc -- again, see 'man ufw-framework').
Alternatively, there is shorewall which is also in main which may be
better suited for a routing firewall depending on your needs.

As I recall, Debian used to provide this sort of script but it caused
them a lot of grief. Their current view (I believe -- correct me if I'm
wrong) is that iptables is intended to be a low-level tool only and it
providing this sort of script a) gets in the way of other tools, like
ufw, shorewall, firestarter, etc, and b) can not be flexible or robust
enough for everyone's needs. Because I don't recall the full history
(and others in this bug don't seem to either), I would be opposed to
Ubuntu diverging from Debian on this point and potentially repeating
history. People who want this functionality in iptables itself should
work with Debian to find the best solution possible for Debian, Ubuntu
and all their derivatives, after which we can sync with Debian.

-- 
iptables rules are not saved across reboots
https://bugs.launchpad.net/bugs/622431
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.