Problem description

Debian includes many, many packages that provide firewalling tools for users: enough that it is difficult for a novice user to choose between them, which often means choosing none at all. And even though iptables is installed as part of the base system, the package includes no firewall rules (i.e., a default policy of "permit") and no startup scripts to manage a firewall. Moreover, even though the various firewall packages all hook into iptables, there is minimal support for sharing configurations between the tools or migrating from one to another, because they lack any common configuration format (many of them treat the actual iptables rules as an exported view only). Finally, with the exception of particular common services, users are left on their own to peruse HOWTOs to figure out how to let package-specific traffic through their firewall.

Proposed solution

So obviously, the right way to fix this is to introduce a completely new system.

Features