On Tue, 2019-05-07 at 12:07 +1000, Jobst Schmalenbach wrote:
Hi
Just got a new server replacing another server. I had to use iptables to protect it until I could move a hardware firewall from the old server to the new server.
Now I am trying to delete iptables but it wants to delete lots of other dependency packages, e.g. sendmail, cyrus-sasl and even plymouth.
Two comments on this really. First, why get rid of the iptables package(s)? Lots of things need it, it's fairly fundamental to the network. Why not just disable iptables - something like
systemctl disable iptables
is perfectly fine.
Second, why even disable it? The only reason I can see to disable or stop using it is to use, say, firewalld instead. All my machines still run some form of local firewall configuration even though they are behind 3, 4 or 5 hardware firewalls.
Can I just use "force" and "no-dependecies" to get rid of it?
No. The dependencies are there for a reason and the things that are dependent on it would probably just stop working. Those options are the "nuclear options" they aren't there because it's inconvenient to have dependencies.
P.