Re: [nf-next PATCH] netfilter: nf_tables: Support updating table's owner flag

Eric Garver <eric@xxxxxxxxxxx> wrote:
> On Wed, Dec 13, 2023 at 01:13:54PM +0100, Phil Sutter wrote:
> > Hi,
> > 
> > On Tue, Dec 12, 2023 at 05:47:22PM -0500, Eric Garver wrote:
> > > I'm not concerned with optimizing for the crash case. We wouldn't be
> > > able to make any assumptions about the state of nftables. The only safe
> > > option is to flush and reload all the rules.
> > 
> > The problem with crashes is tables with owner flag set will vanish,
> > leaving the system without a firewall.
> 
> I'd rather see the daemon be automatically restarted. After a crash you
> still have a flush + re-apply on daemon restart. Avoiding the cleanup
> due to table owner flag only shortens the window.

But the filter rules are gone for a short time, leaving e.g. an
ipv6 network we're routing for wide open.

Same for any exposed containers or VMs.
So I'd say as-is the owner flag is harmful for filtering.

I'm fine with adding a flag that keeps the orphaned table around
and allows (re)taking ownership.
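As an added illustration of the risk discussed in this thread (this is not code from the thread, from firewalld or from the nftables project): a Python check that reads the JSON that `nft -j list tables` prints and reports which owner-flagged tables would be dropped by the kernel if their owning process died, and which address families would then be left with no table at all. The JSON layout, the flag name "owner" and the sample data are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `nft -j list tables` output (assumed
# layout; the flag name "owner" is also an assumption, not from the thread).
SAMPLE_NFT_JSON = json.dumps({"nftables": [
    {"metainfo": {"version": "x.y.z", "json_schema_version": 1}},
    {"table": {"family": "inet", "name": "firewalld", "handle": 1, "flags": ["owner"]}},
    {"table": {"family": "ip6", "name": "router-filter", "handle": 2, "flags": "owner"}},
    {"table": {"family": "ip", "name": "static-filter", "handle": 3}},
]})


def parse_tables(nft_json):
    """Return (family, name, is_owner) tuples for every table in the JSON."""
    doc = json.loads(nft_json)
    tables = []
    for obj in doc.get("nftables", []):
        table = obj.get("table")
        if table is None:          # skip metainfo and anything that is not a table
            continue
        flags = table.get("flags", [])
        if isinstance(flags, str):  # tolerate a single flag given as a bare string
            flags = [flags]
        tables.append((table["family"], table["name"], "owner" in flags))
    return tables


def exposed_families(tables):
    """Families whose tables are all owner-flagged.

    If the owning daemon crashes, the kernel removes those tables, so nothing
    in that family filters traffic until the daemon is restarted and reloads
    its rules. Simplification: "inet" is treated as its own family even though
    it covers both ip and ip6.
    """
    by_family = defaultdict(list)
    for family, _name, is_owner in tables:
        by_family[family].append(is_owner)
    return sorted(fam for fam, owned in by_family.items() if all(owned))


def report(nft_json):
    """Summarise owner-flagged tables and families left unfiltered on crash."""
    tables = parse_tables(nft_json)
    owned = [(fam, name) for fam, name, is_owner in tables if is_owner]
    return {"owner_tables": owned, "exposed_families": exposed_families(tables)}


if __name__ == "__main__":
    print(json.dumps(report(SAMPLE_NFT_JSON), indent=2))
```

Run it against live output with `nft -j list tables | python3 check.py`-style plumbing by replacing the sample with `sys.stdin.read()`.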