[pkg-netfilter-team] Bug#935857: nftables: improvement for nft settings
westlake
westlake2012 at videotron.ca
Tue Aug 27 01:30:51 BST 2019
Package: nftables
Version: 0.9.1-2~bpo10+1
Severity: important
There's a question on where firewall rules are supposed to be stored
when it comes to nft on Debian.
A user looking at nft's systemd service will notice that rules are
stored in /etc/nftables.conf.
nftables.conf needs to have the header "#!/usr/sbin/nft -f",
but why not make it simpler for users and instead put the nft command
outside of this file? .conf files are not supposed to store executables
at the header; that's non-intuitive and imho not a good idea.
Other distributions simply keep rules only in this file without any
confusing header executable.
This also makes it non-standard; .conf files are not regarded as
files to be treated as scripting executables...