What would you like to be added
Add a way of identifying what parts of the firewalld configuration generated specific nftables (or iptables, if that backend is used) rules to aid in debugging.
Why is this needed
When using firewalld (particularly complicated configurations involving numerous NAT + port forwarding rules, as Podman often creates), it is very difficult to tell why things aren't working. I can trace packets through nftables to identify where things are going wrong, but it's very difficult to correlate an identified problem in the generated nftables rules to the firewalld configuration causing the problem.