Package: nftables
Version: 0.9.0-2
Severity: serious
Justification: Policy 9.11

I’m trying to set up a simple firewall (just filter an exposed service so only select source IP addresses can use it) and was told that nftables should be used for new setups.

While https://wiki.debian.org/nftables is a bit short on actual helpful information, https://wiki.gentoo.org/wiki/Nftables has more useful info, but incidentally, while Gentoo ships an init script with nftables (one that can save and restore rules even), Debian doesn’t.

This is a problem, as this way the firewall rules are not reboot-safe (i.e. gone after rebooting) unless I add something to /etc/rc.local or something.

However, nftables appears to ship a systemd unit, which is a clear violation of Policy §9.11:

“However, any package integrating with other init systems must also be backwards-compatible with sysvinit by providing a SysV-style init script with the same name as and equivalent functionality to any init-specific job, as this is the only start-up configuration method guaranteed to be supported by all init implementations.”

I checked the latest version of Policy, and this is still there. So please make a stable update adding an init script.

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages nftables depends on:
ii  dpkg          1.19.7
ii  libc6         2.28-10
ii  libgmp10      2:6.1.2+dfsg-4
ii  libjansson4   2.12-1
ii  libnftables0  0.9.0-2
ii  libreadline7  7.0-5

nftables recommends no packages.

nftables suggests no packages.

-- no debconf information
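
An added example, not part of the report above and not the Debian package's own code: a SysV-style init script that makes an nftables ruleset survive a reboot on a sysvinit host. The paths /usr/sbin/nft and /etc/nftables.conf, the LSB header values, and the choice to validate the file before loading it are assumptions.

```shell
#!/bin/sh
### BEGIN INIT INFO
# Provides:          nftables
# Required-Start:    $local_fs
# Required-Stop:     $local_fs
# Default-Start:     S
# Default-Stop:      0 6
# Short-Description: Load the nftables ruleset at boot
### END INIT INFO

# Assumed paths (not taken from the report); override via the environment.
NFT=${NFT:-/usr/sbin/nft}
CONF=${CONF:-/etc/nftables.conf}

do_start() {
    [ -r "$CONF" ] || { echo "nftables: cannot read $CONF" >&2; return 6; }
    # Dry-run parse first: a typo must not replace working rules with nothing.
    "$NFT" -c -f "$CONF" || { echo "nftables: $CONF is invalid, ruleset left unchanged" >&2; return 1; }
    # Assumes $CONF begins with "flush ruleset", so this load replaces the old rules in one transaction.
    "$NFT" -f "$CONF"
}

do_stop() {
    # Removes every table; the host is unfiltered afterwards.
    "$NFT" flush ruleset
}

do_status() {
    # LSB status codes: 0 = running, 3 = not running.
    if "$NFT" list tables | grep -q .; then echo "nftables: ruleset loaded"; return 0; fi
    echo "nftables: no ruleset loaded"; return 3
}

nftables_init() {
    case "$1" in
        start|restart|reload|force-reload) do_start ;;
        stop) do_stop ;;
        status) do_status ;;
        *) echo "Usage: nftables {start|stop|restart|reload|force-reload|status}" >&2; return 2 ;;
    esac
}

# Dispatch only when an action was given, so the functions can also be sourced.
if [ $# -gt 0 ]; then nftables_init "$@"; exit $?; fi
```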