[Firewall] 2.0.1 on debian squeeze?
intnsred at golgotha.net
Mon Feb 27 15:40:53 CET 2012
> What I miss though is the file debconf.cfg, because that seemed
> to me a nice abstract of firewall.conf, easier to find and edit
It sounds to me like you're mixing the Arno's tarball *and* Debian's *.deb
package. I wouldn't do that; I'd choose one or the other.
The Debian package is modified to fit Debian's policies and standard file
locations -- that's great, and adds some standardization and Debian, and of
course it's easily manipulated with dpkg and apt-get.
The drawback of the Debian package is that it may not be the latest version
of the software. Debian's policy regarding its major "stable" releases of
Debian clearly draws a line between "bug (or security) software fixes" and
"feature/version software upgrades". This makes sense from a software
development and stability standpoint, but it's not what most people are
conditioned to expect. Most people don't think in term of whether an upgrade
is a feature upgrade or a bug-fix upgrade.
The good news is that under this scheme Debian's package maintainer is
expected to "backport" bug/security fixes to the older software in the Debian
stable release. This can make for some odd program version numbering schemes.
For example, the Debian package might be Program ver. 3.23Debian4 whereas the
upstream program is Program ver. 4.0, with the Debian version including bug
fixes from the later version 4 program.
My own preference for frequently changing programs like web apps or
something like Arno's firewall, is to not use the Debian package. These types
of programs are pretty independent and easily upgraded, and often I want the
latest-greatest upstream version, so I'll not use the Debian *.deb and will
just use the author's released tarball.
For Arno's firewall, it's sanely designed and easily installed or removed,
and it doesn't play around with other parts of the Debian system -- very well
behaved. Thus, it's easy to install, uninstall and reinstall when a new
version is released.
If you view it a requirement to use Debian's debconf.cfg, if it were me,
I'd just then ignore and not install the tarball, and would rely on the *.deb
and the *.deb's package maintainer to ensure that he's backporting fixes and
keeping my firewall secure (though it might not be fully up-to-date in terms of
"Labor is prior to, and independent of, capital. Capital is only the fruit of
labor, and could never have existed if labor had not first existed. Labor is
the superior of capital, and deserves much the higher consideration." --
More information about the Firewall