Hello I don't agree with the importance of this bug, netfilter-persistent is just a shell script, it always was. I don't think is suited for inexperienced users as you have to write the iptables rules yourself.
I think the package could do a better job advertising that it may fail and leave the machine exposed, but by default it should not change the policy to DROP if it fails to load the firewall. Actually, it may even fail to change the policy to DROP... If Jonathan agrees I'd lower this bug severity and try to upload it back to unstable. I fully agree with #829640. -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 keybase: http://keybase.io/gfa
signature.asc
Description: PGP signature