Thomas Haller <thaller@xxxxxxxxxx> wrote:
> Isn't the problem to solve that `nft flush ruleset` deletes tables
> owned by somebody else (firewalld)?

If they are 'owned', then no, they are not flushed, that's one of the
points of the owner thing.

> A "persist" flag sounds like a good solution. It would just have
> informational value (for user space) to be skipped by `nft flush
> ruleset`.

'flush' doesn't pass the to-be-deleted tables to the kernel, so this
cannot be implemented via informational tags in userspace.