Package: sanewall
Version: 1.0.2+ds-1
Severity: normal

The sanewall package conflicts with firehol. I guess this makes a certain degree of sense, because only one set of rules can be active at a time. But no similar conflict exists for other iptables-based firewall tools (e.g. ufw, shorewall, uruk, ipkungfu, etc). Having multiple tools installed isn't really a problem so long as only one is set up to restore on boot. For both sanewall and firehol this is controlled by a file in /etc/default.

The policy manual lists 3 reasons for conflicts
http://www.debian.org/doc/debian-policy/ch-relationships.html#s-conflicts

- when two packages provide the same file
- in conjunction with Provides when only one package providing a given virtual facility may be unpacked at a time.
- in other cases where one must prevent simultaneous installation of two packages for reasons that are ongoing (not fixed in a later version of one of the packages) or that must prevent both packages from being unpacked at the same time, not just configured.

I don't think firehol meets the criteria.

- Firehol and Sanewall don't have a file conflict.
- Both packages can be installed and un-configured and not cause problems.
- There is currently no virtual package related to an iptables management tool.

This is a problem for me. I was thinking I could pre-install sanewall on all my systems, and as I start to implement IPv6 switch from firehol to sanewall along with updating the rules. Preinstalling isn't possible since sanewall removes firehol.

Chris Francy