I am working towards getting Debian packaging created for nftfw 1.0. Getting it into the Debian release is likely to be a longer journey, and sorting out how to get the binary package out is on my list to do. Anyway, I am making some simplifications (and error detection) for a broader user base.
For example, nftfw post 0.7.14 will use the owner/group of the etc/nftfw file to set file ownership when writing files - losing the user setting from the config.ini - and asking it at install time. So once it’s live: chown -R on the directory will just work, no need to tell nftfw.
I want to insist that all control files are in /usr/local/etc/nftfw (or /etc/nftfw in the package) losing the nftfw_base config setting - and the ability to use extant /etc/sympl/firewall files. It’s probably better not to do this anyway; it won’t work with home-grown rules, for example. I used this when I was bootstrapping, but not since.
I can provide an import script that will set up the nftfw files from the current /etc/S*/firewall files; this will have to flag any rules that are not supported. I doubt that many people have written their own rules, and if they have, they should be capable of creating replacements. But a live conversion script will work in most cases, so seems a good idea.
Can I have some thoughts on this?
a) OK to lose ability to access /etc/sympl/firewall?
b) Do I need to write an import script?