> > > Will honoring -a/--handle break firewalld? firewalld doesn't use the nft command line, only libnftables (via py/src/nftables.py). However, on the libnftables API the same problem happens. Namely, that the nft output by default does not show handles, and you have to opt-in via NFT_CTX_OUTPUT_HANDLE. On the other hand, the JSON output always outputs handles. Starting to honor a lack of NFT_CTX_OUTPUT_HANDLE with JSON output is an obvious change in behavior (well, or rather a bugfix). The good new is, that firewalld wouldn't care about that either, because since forever it calls Nftables.set_handle_output(True) and always sets NFT_CTX_OUTPUT_HANDLE. Thomas
