the stop command does

which means that a mere `dinitctl restart nftables` destroys all rules, then reruns /etc/nftables.nft

this means it's impossible to use `dinitctl restart nftables` while having rules that are external to the /etc configuration. libvirt, tailscale, podman, ... all create their own configuration in nft (whether directly or via iptables-nft, the latter of which leaves `# Warning: table ip6 nat is managed by iptables-nft, do not touch!` comments)

technically, this is easily solved by just not using restart and running `nft -f /thefile` instead (after writing the file in a way that it would work to do that), but it would be nice if this stop command was just not run at all, or only run for shutdown stop and not restart stop (not sure if this can be changed), since currently this immediately bricks the nft rules otherwise
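For reference, this is what "writing the file in a way that it would work to do that" looks like: an added example (not from this issue or from dinit/nftables), where the rule file flushes only its own table instead of `flush ruleset`, so `nft -f` can be re-run without wiping tables owned by libvirt, podman, tailscale or iptables-nft. The table name `inet filter` and the single SSH rule are placeholders.

```nftables
#!/usr/sbin/nft -f
# Declare the table first: flushing a table that does not exist yet is an
# error, and declaring an existing table is a no-op, so this works on the
# first load and on every re-run.
table inet filter

# Flush only this table's chains and rules. Other tables in the ruleset
# (libvirt, podman, tailscale, the iptables-nft "do not touch" tables)
# are left exactly as they were. Do NOT use "flush ruleset" here.
flush table inet filter

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop
        iif lo accept
        ip protocol icmp accept
        meta l4proto ipv6-icmp accept
        tcp dport 22 accept        # placeholder: whatever this host exposes
    }

    # No forward chain with a drop policy here on purpose: a drop verdict in
    # any base chain wins, so it would override the accept decisions that
    # libvirt/podman make in their own tables for their bridges.
}
```

Re-applying it with `nft -f /etc/nftables.nft` replaces the contents of `inet filter` atomically and nothing else, which is why it is safe to run it instead of a stop/start cycle.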