[pkg-netfilter-team] Bug#944748: Bug#944748: nftables: no init script
Magnus Holmgren
holmgren at debian.org
Fri Oct 20 10:35:38 BST 2023
On Fri, 15 Nov 2019 14:29:44 +0000 (UTC) Thorsten Glaser <tg at debian.org>
wrote:
> Arturo Borrero Gonzalez dixit:
>
> >I'm sorry, but I don't plan to work on any kind of sysvinit support for
> >nftables.
> […]
> >Anyway, I'm closing the bug report as wontfix.
>
> Feel free to have it as wontfix, but it’s still a serious
> current Policy violation and thus RC. Not fixing it will
> make your package unsuitable for a stable release.

Reminder that this bug isn't about building support for saving the currently
loaded ruleset to a file and reloading it after reboot, only about adding a
minimal init script that does the same job as the existing systemd unit.

I actually like how you can actually write your rules in a fairly readable,
structured format, making it easier to make changes by editing the
configuration and reloading as opposed to executing commands to add or delete
rules and then saving the changes, but to facilitate integration of other
packages with nftables, I think coming up with some scheme where those
packages can drop configuration snippets in /etc/nftables.d, or perhaps
/etc/nftables/input.d etc., could be helpful. (This would work because the
include statement can be used in various places, not just at the top level,
and an include statement with wildcard symbols that matches no files is no
error.)
This is again a whole separate issue, though.

--
Magnus Holmgren
Debian Developer
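
Added example, not part of the original message and not the Debian package's own configuration: a sketch of an /etc/nftables.conf using the drop-in scheme suggested above. Only /etc/nftables.d and /etc/nftables/input.d come from the message; the table and chain names, the base rules and the .nft suffix are assumptions.

```nftables
#!/usr/sbin/nft -f
# Constructed example of a base ruleset with drop-in include points.
# Syntax check without loading:  nft -c -f /etc/nftables.conf

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Base rules owned by the administrator come first, so a
        # package snippet cannot be evaluated ahead of them.
        ct state established,related accept
        ct state invalid drop
        iif lo accept

        # Include used inside a chain block: each snippet holds bare
        # rules that land in this chain, for example a file
        # /etc/nftables/input.d/50-ssh.nft (hypothetical name) with:
        #     tcp dport 22 accept
        # The wildcard makes an empty or missing directory harmless,
        # and matches are loaded in alphabetical order, so numeric
        # prefixes fix the rule order.
        include "/etc/nftables/input.d/*.nft"
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}

# Include at the top level: snippets here must be complete objects
# (whole tables, or "add rule inet filter input ..." commands).
include "/etc/nftables.d/*.nft"
```

Every file matched by these includes is loaded with the same authority as the main ruleset, so the drop-in directories need to be root-owned and not writable by anyone else. Because the chain policy is drop and the snippets come after the base rules, a missing snippet fails closed rather than open.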