firewalld config prompt during upgrades
I don't think plinth is doing anything wrong here. It doesn't modify the conffile directly, and instead uses the interface provided by firewalld. But this is still a usability bug for FreedomBox.
vagrant@freedombox:~$ sudo apt install firewalld
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
firewalld
1 upgraded, 0 newly installed, 0 to remove and 249 not upgraded.
Need to get 0 B/430 kB of archives.
After this operation, 61.4 kB disk space will be freed.
(Reading database ... 112986 files and directories currently installed.)
Preparing to unpack .../firewalld_0.6.1-2_all.deb ...
Unpacking firewalld (0.6.1-2) over (0.4.4.6-2) ...
Setting up firewalld (0.6.1-2) ...
Configuration file '/etc/firewalld/firewalld.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** firewalld.conf (Y/I/N/O/D/Z) [default=N]
--- /etc/firewalld/firewalld.conf 2018-07-17 18:20:20.028000000 +0000
+++ /etc/firewalld/firewalld.conf.dpkg-new 2018-08-23 15:26:58.000000000 +0000
@@ -3,7 +3,7 @@
# default zone
# The default zone used if an empty zone string is used.
# Default: public
-DefaultZone=external
+DefaultZone=public
# Minimal mark
# Marks up to this minimum are free for use for example in the direct
@@ -55,3 +55,10 @@
# will be used. Possible values are: yes, no and system.
# Default: system
AutomaticHelpers=system
+
+# FirewallBackend
+# Selects the firewall backend implementation.
+# Choices are:
+# - nftables (default)
+# - iptables (iptables, ip6tables, ebtables and ipset)
+FirewallBackend=iptables