Re: [PATCH] tools: add a systemd unit for static rulesets

On 3/5/25 22:35, Pablo Neira Ayuso wrote:
> Hi Jan,
>
> I added a few more people to Cc.
>
> On Fri, Feb 28, 2025 at 09:59:35PM +0100, Jan Engelhardt wrote:
>> There is a customer request (bugreport) for wanting to trivially load a ruleset
>> from a well-known location on boot, forwarded to me by M. Gerstner. A systemd
>> service unit is hereby added to provide that functionality. This is based on
>> various distributions attempting to do the same, cf.
>>
>> https://src.fedoraproject.org/rpms/nftables/tree/rawhide
>> https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/nftables/nftables.initd
>> https://gitlab.archlinux.org/archlinux/packaging/packages/nftables
>
> Any chance to Cc these maintainers too? Given this is closer to
> downstream than upstream, I would like to understand if this could
> cause any hypothetical interference with distro packagers.
>
> Only subtle nitpick I see with this patch is that the INSTALL file is not
> updated to provide information on how to use --with-unitdir=.


I have mixed feelings about having this systemd service file in this repository.
Will this file be maintained wrt. systemd ecosystem updates? Or will it be outdated and neglected after a few years?

For most folks, I assume they will run nftables via firewalld or any other ruleset manager, unless they know what they are doing. And if they know what they are doing (i.e., they have crafted their own firewalling system), then most likely the systemd config in this repo is ignored.




