chimera-linux / cports

Chimera ports collection
BSD 2-Clause "Simplified" License

nft stop-command destroys rules not managed by nft config #2578

Closed nekopsykose closed 2 months ago

nekopsykose commented 2 months ago

the stop command does

stop-command = /usr/bin/nft flush ruleset

which means that a mere dinitctl restart nftables destroys all rules, then reruns /etc/nftables.nft

this means it's impossible to use dinitctl restart nftables while having rules that are external to the /etc configuration. libvirt, tailscale, podman, ... all create their own configuration in nft (whether directly or via iptables-nft, the latter of which leaves # Warning: table ip6 nat is managed by iptables-nft, do not touch! comments)

technically, this is easily solved by just not using restart and running nft -f /thefile instead (after writing it in a way that it would work to do that), but it would be nice if this stop command were just not run at all, or only run for a shutdown stop and not a restart stop (not sure if this can be changed), since currently this immediately bricks the nft rules otherwise
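As an added example (not code from the cports repository or the issue author), this is one way to write /etc/nftables.nft so that `nft -f /etc/nftables.nft` replaces only the table it manages and leaves every other table alone; the table name `inet filter` and the rules inside it are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example: a reloadable ruleset file. Re-running `nft -f` on it resets
# only the assumed table `inet filter`; tables created by libvirt, tailscale,
# podman or iptables-nft (e.g. `ip6 nat`) are never touched, unlike
# `nft flush ruleset`, which wipes all of them.

# Declare the table up front so the flush below succeeds on a first load
# too (flushing a table that does not exist is an error).
table inet filter {}

# Discard only our own chains and rules, nothing outside `inet filter`.
flush table inet filter

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept
        tcp dport 22 accept
    }
    # No forward/output base chains here on purpose: a drop verdict in any
    # base chain on a hook is final, so a `policy drop` forward chain would
    # silently break forwarding set up by libvirt or podman in their tables.
}
```

`nft -f` applies the whole file as one atomic transaction, so the flush and the new rules land together with no window in which the table is empty. The matching scoped stop command would be `nft delete table inet filter` rather than `nft flush ruleset`.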

nekopsykose commented 2 months ago

though given how everyone else seems to do the same thing maybe this is fine as is

nekopsykose commented 2 months ago

hm yea it's fine