** Description changed: [Availability] - * The package is already in universe and has been supported by Ubuntu - kernels since at least Ubuntu 18.04 LTS. It builds and is supported - on all Ubuntu architectures. + * The package is already in universe and has been supported + by Ubuntu kernels since at least Ubuntu 18.04 LTS. It + builds and is supported on all Ubuntu architectures. [Rationale] - * nftables is the future CLI and backend for firewalling which should - be available on Ubuntu by default, and is the preferred tool by the - upstream kernel community. + * nftables is the future CLI and backend for firewalling + which should be available on Ubuntu by default, and is + the preferred tool by the upstream kernel community. - * iptables will be switching to nftables backened, but iptables - availability and usage will probably continue for forseeable future. - It is expected that newer software will be adopting nftables directly, - rather than via iptables compat tools. + * iptables will be switching to nftables backend, but + iptables availability and usage will probably continue for + forseeable future. It is expected that newer software will + be adopting nftables directly, rather than via iptables + compat tools. [Security] - * There is no history of of vulnerabilities in the nftables user - space tools (CVE-2015-1573 is in the kernel portion of nftables). + * There is no history of of vulnerabilities in the nftables + user space tools (CVE-2015-1573 is in the kernel portion + of nftables). - * The nftables binary package contains the binary `/usr/bin/nft` which - is neither setuid nor setgid. This binary is the utility that interacts - with and configures the nftables subsystem in the Linux kernel. + * The nftables binary package contains the binary + `/usr/bin/nft` which is neither setuid nor setgid. This + binary is the utility that interacts with and configures + the nftables subsystem in the Linux kernel. 
- * The package also includes a oneshot systemd service used during - boot to load the nftables configuration in /etc/nftables.conf. As - packaged in Debian, this service is disabled by default. + * The package also includes a oneshot systemd service + used during boot to load the nftables configuration in + /etc/nftables.conf. As packaged in Debian, this service + is disabled by default. - * It interacts with and configures the network filtering as performed - by the Linux kernel. + * It interacts with and configures the network filtering + as performed by the Linux kernel. [Quality Assurance - function/usage] - * The package works as installed; it does require enabling the systemd - oneshot service to automatically reload defined rules on boot. + * The package works as installed; it does require enabling + the systemd oneshot service to automatically reload defined + rules on boot. [Quality assurance - maintenance] LP bugs: https://bugs.launchpad.net/ubuntu/+source/nftables/+bugs Debian: https://bugs.debian.org/cgi-bin/pkgreport.cgi?repeatmerged=no&src=nftables Upstream: https://bugzilla.netfilter.org/buglist.cgi?bug_status=__open__&content=&no_redirect=1&order=Importance&product=nftables&query_format=specific - * Ubuntu and Debian bugs are reasonably under control. Upstream has - a larger set of bugs that are mostly about parsing errors (flex/yacc - are complex) and documentation or feature requests. + * Ubuntu and Debian bugs are reasonably under + control. Upstream has a larger set of bugs that are + mostly about parsing errors (flex/yacc are complex) and + documentation or feature requests. [Quality Assurance - testing] - * Tests are not run at build time; there are many tests run during - autopkgtests across all architectures, but the more extensive ones - have been marked as flaky. 
Example autopkgtest log: + * Tests are not run at build time; there are many tests + run during autopkgtests across all architectures, but the + more extensive ones have been marked as flaky. Example + autopkgtest log: https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/n/nftables/20220117_122101_70524@/log.gz [Quality Assurance - packaging] * A debian/watch file is present and works. Lintian reports nothing substantial, just minor standards version lag as - well as debian/control missing the Rules-Requires-Root: field - (silent-on-rules-requiring-root). It does not depend on obsolete - or about to be demoted packages. There are no debconf settings or - questions. + well as debian/control missing the Rules-Requires-Root: + field (silent-on-rules-requiring-root). It does not depend + on obsolete or about to be demoted packages. There are no + debconf settings or questions. [UI Standards] - * It is primarily a command line system tool that is sysadmin facing, - that does not contain translations. + * It is primarily a command line system tool that is + sysadmin facing, that does not contain translations. [Dependencies] - * Documentation tools used during the build are in universe; all - runtime dependencies are in main. It uses libjannson for JSON handling, - not sure if there's a preferred JSON library in main. + * Documentation tools used during the build are in + universe; all runtime dependencies are in main. It uses + libjannson for JSON handling, not sure if there's a + preferred JSON library in main. [Standards compliance] * This package correctly follows FHS and Debian Policy [Maintenance/Owner] - * The ubuntu-security team is not yet but will be subscribed to - bugs for nftables. There are no static builds. There are some very - minor embedded code copies that are either disabled at build time - (system gmp is used over embedded mini-gmp) or are fairly small - (David Woodhouse's rbtree). 
It is relatively mature software with - active upstream commits (http://git.netfilter.org/nftables/log/) + * The ubuntu-security team is not yet but will be + subscribed to bugs for nftables. There are no static + builds. There are some very minor embedded code copies that + are either disabled at build time (system gmp is used over + embedded mini-gmp) or are fairly small (David Woodhouse's + rbtree). It is relatively mature software with active + upstream commits (http://git.netfilter.org/nftables/log/) as well as reasonably active maintenance in Debian. [Background information] - * The package description explains the package well. The upstream - project is part of the larger netfilter project, and is documented - at https://netfilter.org/projects/nftables/index.html . + * The package description explains the package + well. The upstream project is part of the + larger netfilter project, and is documented at + https://netfilter.org/projects/nftables/index.html
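Review bot: The rewrapped [Rationale], [Security] and [Dependencies] paragraphs still carry typos on their new `+` lines, even though this revision already corrects "backened" to "backend" in the iptables bullet. "forseeable future" should read "the foreseeable future", "no history of of vulnerabilities" has a doubled "of", and "libjannson" should be "libjansson" (the library is Jansson). Since the rest of the change is whitespace-only rewrapping, fixing these in the same edit would keep the description from needing another revision. The final bullet under [Background information] also drops the trailing " ." after the netfilter.org URL, which is fine, but the sentence now ends without punctuation.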
-- 
https://bugs.launchpad.net/bugs/1887187

Title:
  [MIR] nftables