Hi,
Agree, I don't think it makes much sense to split things into many small pieces.
- Do you need/want a firewall (requires iptables, etc)?
I'd say yes by default, but being able to remove it might be useful (kernel-netfilter subpackage)?
So you agree multi-tiered subpackages is a bad idea,
On the hardware support side it is a bad idea I think. Too many different use cases and lines between them are blurry, so I suspect it becomes messy quickly if you try to split it fine-grained.
but then you propose a netfilter specific subpackage? ... Probably not. They'll likely just be in kernel-core.
"all netfilter modules" is pretty clear and so is the use case (=want firewall). But maybe not worth the trouble, didn't check what size they sum up to.
cheers, Gerd