[Freedombox-discuss] firewalld upgrade
James Valleroy
jvalleroy at mailbox.org
Sat Nov 19 13:55:02 UTC 2016
On 11/19/2016 06:24 AM, permondes - sagen wrote:
> firewalld has a conffile prompt and I am not sure which version I should
> use. The changes are:
>
>> -DefaultZone=external
>> +DefaultZone=public
>> IPv6_rpfilter=yes
>> +IndividualCalls=no
>> +LogDenied=off
>
> Is it save to take the new settings or will e.g. DefaultZone impact
> FreedomBox?
FreedomBox does expect the DefaultZone to be external. I think the
safest option is to:
1) Choose 'y' to take the maintainer's version of this file.
2) Run "sudo firewall-cmd --set-default-zone=external" to change the
DefaultZone back to external.
Of course this is not a good user experience, and will prevent automatic
upgrades of firewalld whenever the package modifies this file.
The root cause is that /etc/firewalld/firewalld.conf is a conffile, and
firewalld modifies this file when we run the above command.
--
James
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20161119/f1d0c583/attachment.sig>
More information about the Freedombox-discuss
mailing list