 * In order for the nftables-restore systemd service to start,
 * the file, /var/lib/nftables/rules-save, must exist. To create this
 * file run the following command:
 *
 * touch '/var/lib/nftables/rules-save'
 *
 * Afterwards, the nftables-restore service should be manually started
 * to ensure firewall changes are stored on system shutdown. The
 * systemd service will function normally thereafter.

This is so retarded, it makes me angry to see it. This is *NOT* how we do systemd units, and it looks like some sick attempt to port OpenRC retardation into systemd world while making it look seemingly correct albeit completely retarded. Retarded, retarded, retarded, ARGV!

Now, seriously speaking:

1. Requiring user to take manual action to make a retarded unit file work is *unacceptable*.

2. Restore unit is *NOT* supposed to save stuff. That's why it's called 'restore'. The unit saving stuff is supposed to be separate and called -- wait for it... -- 'store'!

For comparison, see iptables.

It looks like this package was proxy maintained for a while, and this systemd setup probably originates from that. I agree that it would be ideal to have iptables and nftables work more similarly.

Fixed via touching the file if it doesn't exist in pkg_postinst.
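
The store/restore split the first comment asks for, written out as two systemd units. This is an added example, not the package's or Gentoo's actual unit files; the unit names, the /sbin/nft path and the use of ConditionFileNotEmpty= are assumptions.

```ini
# --- nftables-restore.service (hypothetical name) ---
[Unit]
Description=Restore nftables firewall rules
# If both units are queued, never store before restoring.
Before=nftables-store.service
# Bring the ruleset up before any network interface is configured.
Before=network-pre.target
Wants=network-pre.target
# Skip (rather than fail) when the saved ruleset is missing or empty,
# so no manual 'touch' is needed after installation. A skipped or
# empty restore leaves the host with NO filtering rules loaded, so
# check 'nft list ruleset' after the first boot.
ConditionFileNotEmpty=/var/lib/nftables/rules-save

[Service]
Type=oneshot
# Restore only: load the saved ruleset, nothing is written here.
ExecStart=/sbin/nft -f /var/lib/nftables/rules-save

[Install]
WantedBy=basic.target

# --- nftables-store.service (hypothetical name) ---
[Unit]
Description=Store nftables firewall rules
# Run as part of shutdown, before the system goes down.
DefaultDependencies=no
Before=shutdown.target

[Service]
Type=oneshot
# The saved ruleset describes the firewall policy: keep it root-only.
UMask=0077
ExecStart=/bin/sh -c '/sbin/nft list ruleset > /var/lib/nftables/rules-save'

[Install]
WantedBy=shutdown.target
```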