Package: d-i
Severity: minor

Dear Maintainer,

Testing with a new Debian bookworm install, downloaded Apr 24 2023, I noticed my nftables.conf firewall configuration never gets loaded. After some testing and searching on the net I found it is disabled by default.

As the /etc/nftables.conf file is marked executable by default, this led me to think it would get loaded by the service. As the default firewall in that file is quite innocent, I wonder why the service is not enabled by default?

In my case not getting any errors and having a proper config led me to believe my firewall was working. All services worked as well. Of course they did, there was no firewall. :-(

As Buster still had a working iptables I never noticed the problem there, not even when I converted some of my iptables config to a nft config file. All my services still worked after the conversion so I assumed the conversion was successful. Never realizing the firewall config never got loaded and there was no firewall at all, so my services did indeed work as there was nothing to block it. :-(

Bookworm does not have iptables anymore by default, it should have at least one active firewall. Please by default enable the nft service during install and have it load the (innocent) default config in /etc/nftables.conf

-- System Information:
Debian Release: 12.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-7-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
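
The failure mode in the report above is silent: a valid /etc/nftables.conf exists, nothing errors, and no ruleset is loaded. The script below is an added example, not part of the original report; it classifies that state from the output of `systemctl is-enabled nftables.service` and `nft list ruleset`. The function name, state labels and script name are hypothetical, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example (not from the bug report). The function name and the state
# labels are hypothetical; SAMPLE_RULESET is constructed sample input.

# Classify firewall state from two observations:
#   $1 = output of `systemctl is-enabled nftables.service`
#   $2 = output of `nft list ruleset` (empty when nothing is loaded)
classify_nft_state() {
    unit_state=$1
    ruleset=$2
    # Every loaded table appears as a top-level "table <family> <name> {" line.
    tables=$(printf '%s\n' "$ruleset" | grep -c '^table ' || true)
    if [ "$tables" -gt 0 ]; then
        if [ "$unit_state" = "enabled" ]; then
            echo "OK"
        else
            echo "LOADED_NOT_PERSISTENT"   # rules are gone after the next reboot
        fi
    elif [ "$unit_state" = "enabled" ]; then
        echo "ENABLED_BUT_EMPTY"           # unit enabled, but nothing loaded right now
    else
        echo "NO_FIREWALL"                 # the situation described in the report
    fi
}

# Constructed sample of `nft list ruleset` output with one base chain.
SAMPLE_RULESET='table inet filter {
	chain input {
		type filter hook input priority filter; policy accept;
	}
}'

# Live check (needs root for `nft`): sh check-nft.sh --live
# (check-nft.sh is a hypothetical file name for this script.)
if [ "${1:-}" = "--live" ]; then
    state=$(systemctl is-enabled nftables.service 2>/dev/null || true)
    rules=$(nft list ruleset 2>/dev/null || true)
    classify_nft_state "$state" "$rules"
fi
```

When the result is NO_FIREWALL, `systemctl enable --now nftables.service` enables the unit and loads /etc/nftables.conf. A result of OK only means a ruleset is loaded and will be reloaded at boot; whether it filters anything depends on the rules in the file.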