[Firewall] 2.0.1 on debian squeeze?

Intense Red intnsred at golgotha.net
Mon Feb 27 15:40:53 CET 2012

> What I miss though is the file debconf.cfg, because that seemed
> to me a nice abstract of firewall.conf, easier to find and edit
> things.

   It sounds to me like you're mixing the Arno's tarball *and* Debian's *.deb 
package. I wouldn't do that; I'd choose one or the other.

   The Debian package is modified to fit Debian's policies and standard file 
locations -- that's great, and adds some standardization and Debian, and of 
course it's easily manipulated with dpkg and apt-get.

   The drawback of the Debian package is that it may not be the latest version 
of the software. Debian's policy regarding its major "stable" releases of 
Debian clearly draws a line between "bug (or security) software fixes" and 
"feature/version software upgrades". This makes sense from a software 
development and stability standpoint, but it's not what most people are 
conditioned to expect. Most people don't think in term of whether an upgrade 
is a feature upgrade or a bug-fix upgrade.

   The good news is that under this scheme Debian's package maintainer is 
expected to "backport" bug/security fixes to the older software in the Debian 
stable release. This can make for some odd program version numbering schemes. 
For example, the Debian package might be Program ver. 3.23Debian4 whereas the 
upstream program is Program ver. 4.0, with the Debian version including bug 
fixes from the later version 4 program.

   My own preference for frequently changing programs like web apps or 
something like Arno's firewall, is to not use the Debian package. These types 
of programs are pretty independent and easily upgraded, and often I want the 
latest-greatest upstream version, so I'll not use the Debian *.deb and will 
just use the author's released tarball.

   For Arno's firewall, it's sanely designed and easily installed or removed, 
and it doesn't play around with other parts of the Debian system -- very well 
behaved. Thus, it's easy to install, uninstall and reinstall when a new 
version is released.

   If you view it a requirement to use Debian's debconf.cfg, if it were me, 
I'd just then ignore and not install the tarball, and would rely on the *.deb 
and  the *.deb's package maintainer to ensure that he's backporting fixes and 
keeping my firewall secure (though it might not be fully up-to-date in terms of 

"Labor is prior to, and independent of, capital. Capital is only the fruit of 
labor, and could never have existed if labor had not first existed. Labor is 
the superior of capital, and deserves much the higher consideration." -- 
Abraham Lincoln

More information about the Firewall mailing list