On Thursday 2025-03-06 15:16, Eric Garver wrote:
>
>to save the entire running ruleset. That's what I do. Mostly because I
>want to make sure runtime accepts it before I make it permanent.
>
>Perhaps this is not mentioned due to the `flush ruleset`. We could
>suggest saving runtime to a file that's included from main.nft, thus
>retaining the flush.

I'll add it.

>> +[Install]
>> +WantedBy=sysinit.target
>
>The service definition is pretty close to the RHEL one [1]. The major
>difference is DefaultDependencies=no, i.e. early boot service. I think
>setting this to 'no' is okay for nftables. I don't see any
>incompatibilities with the RHEL version.

The patch already contains DefaultDependencies=no.

https://lore.kernel.org/netfilter-devel/Z9wgoHjQhARxPtqm@xxxxxxxxxxxxx/T/#m8f856650f1553a3b6a0ed17af37ce1ad5acb3227