Hi there, AFAIK iptables is installed by default by the debian installer up to Debian 10 Buster.
I would like to start exploring dropping the iptables default for Debian 11. I'm referring to don't install the package by default in any way: * not as part of the base operating system * not in any task by tasksel * downgrade priority/importance of the package (currently Priority: important) If we still need a default low-level firewalling tool installed by default I would suggest we switch to nftables. Also, firewalld should be considered as a sensible wrapper at this point, more or less in sync with what other distros are doing. So my proposal would be to do something like: * raise package priority of nftables * include nftables in debian installer/base operating system/tasksel * introduce firewalld at least into desktop tasksel tasks regards PS: By default Debian Buster already uses iptables-nft, a version of iptables that uses the nf_tables kernel engine.
