I was looking for a firewall for a Debian box used as a workstation with one network interface. I found a choice of 16 at https://wiki.debian.org/Firewalls , but after some time looking at Shorewall I realized that the familiar SuSEfirewall2 would be much simpler and easier to set up. As an added bonus, SuSEfirewall2 offers easy to use hooks to add custom functions, for example to use ipsets. I copied the following 42.3 files: /usr/sbin/SuSEfirewall2 (Check directories of utility programs) /usr/share/SuSEfirewall2/rpcusers /usr/share/SuSEfirewall2/defaults/50-default.cfg /etc/sysconfig/SuSEfirewall2 /etc/sysconfig/SuSEfirewall2.d/services/* /etc/sysconfig/scripts/SuSEfirewall2-* /etc/systemd/system/SuSEfirewall2_setup.service (Soft link) /usr/lib/systemd/system/SuSEfirewall2.service ExecStart=/bin/bash /sbin/SuSEfirewall2 boot_setup ExecStop=/bin/bash /sbin/SuSEfirewall2 systemd_stop /usr/lib/systemd/system/SuSEfirewall2_init.service ExecStart=/bin/bash /sbin/SuSEfirewall2 boot_init I created directory /var/run/SuSEfirewall2 and I had a fully working stateful packet filter firewall. My custom Bash script which sets up ipsets worked at the first attempt. For openSUSE admins who also have to manage other distributions, SuSEfirewall2 on Debian - recommended. Roger -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org