Bug 927744 - net-firewall/nftables: support loading config file from /etc
Summary: net-firewall/nftables: support loading config file from /etc
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal enhancement
Assignee: Gentoo's Team for Core System packages
Reported: 2024-03-24 18:48 UTC by Alfred Persson
Modified: 2024-03-24 23:34 UTC
Description Alfred Persson 2024-03-24 18:48:17 UTC
Hi! The current nftables .init-r1 and .service files only support loading rules from a save file in /var/lib/nftables/rules-save. This makes sense when using nftables interactively, but it's a hassle when you want to keep a single config file.

Alpine supports both with their init file: https://git.alpinelinux.org/aports/tree/main/nftables/nftables.initd

Fedora just loads from /etc/nftables/main.nft.

I suggest supporting both like Alpine, but I am unsure if it's best to keep the init files separate.

Reproducible: Always
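
One way an init script could support both sources, as an added sketch that is not taken from the Gentoo or Alpine init scripts. The function names, the config-before-save-file priority, and the permission check are assumptions; the two default paths are the ones named in the report.

```shell
#!/bin/sh
# Added illustration; not the Gentoo or Alpine init script.
# Assumption: a static config file takes priority over the save file.

# is_safe_rules_file PATH -> 0 if PATH is a readable regular file that is
# neither group- nor world-writable (it will be loaded with root privileges).
is_safe_rules_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    mode=$(ls -ldL -- "$1" | cut -c1-10)   # e.g. -rw-r--r--
    case "$mode" in
        ?????w????|????????w?)
            echo "skipping $1: group/world-writable ($mode)" >&2
            return 1 ;;
    esac
    return 0
}

# pick_rules_file CONFIG SAVE -> prints the first safe candidate, or fails.
pick_rules_file() {
    for candidate in "$1" "$2"; do
        if is_safe_rules_file "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# load_rules [CONFIG] [SAVE] -> validate in check mode, then apply.
load_rules() {
    file=$(pick_rules_file "${1:-/etc/nftables/main.nft}" \
                           "${2:-/var/lib/nftables/rules-save}") || {
        echo "no usable ruleset file found" >&2
        return 1
    }
    nft -c -f "$file" || return 1   # parse and validate only, nothing applied
    nft -f "$file"
}
```

Running `nft -c -f` first means a syntax error in the chosen file leaves the currently loaded ruleset untouched.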