Comment 6 for bug 622431

Jamie Strandboge (jdstrand) wrote :

ufw already has an upstart script and ufw is installed by default in Ubuntu as a Recommends of ubuntu-standard and therefore a part of all Ubuntu server installations. ufw can be used either via its CLI command (man ufw), its framework (man ufw-framework) or a combination of both. People wanting to have a highly customized firewall can simply use /etc/ufw/*.rules and ignore the CLI command completely (/etc/ufw/*rules use standard iptables-restore syntax and take care of all the heavy lifting of boot integration like making sure it is started before an interface comes up, etc, etc -- again, see 'man ufw-framework'). Alternatively, there is shorewall, which is also in main and which may be better suited for a routing firewall depending on your needs.

As I recall, Debian used to provide this sort of script but it caused them a lot of grief. Their current view (I believe -- correct me if I'm wrong) is that iptables is intended to be a low-level tool only and it providing this sort of script a) gets in the way of other tools, like ufw, shorewall, firestarter, etc, and b) cannot be flexible or robust enough for everyone's needs. Because I don't recall the full history (and others in this bug don't seem to either), I would be opposed to Ubuntu diverging from Debian on this point and potentially repeating history. People who want this functionality in iptables itself should work with Debian to find the best solution possible for Debian, Ubuntu and all their derivatives, after which we can sync with Debian.