> However, this would only insert the flow table statements on server
> bootup. Since '/etc/nftables/firewall.nft' itself *wouldn't* contain
> the flow tables statements, any 'systemctl reload nftables' or 'nft -f
> /etc/nftables/firewall.nft' action (to apply a rule change, for
> example) would essentially get rid of the flow tables mechanism from
> the running system, wouldn't it?

I guess there's no "equivalent" of iifname/oifname for flow table devices where you could refer to a device that does not (yet) exist?

-Martin
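As an added illustration (not from the thread or any of its participants), a minimal /etc/nftables/firewall.nft that carries the flowtable definition itself, so that a reload re-creates it instead of dropping it. Interface names eth0 (LAN) and eth1 (WAN) are assumed, and the devices listed in the flowtable must exist when the file is loaded:

```nft
#!/usr/sbin/nft -f
# Added example, not from the thread. Assumed interfaces: eth0 (LAN), eth1 (WAN).
flush ruleset

table inet filter {
    # The flowtable lives in the same file that 'systemctl reload nftables'
    # or 'nft -f' applies, so every reload re-creates it along with the rules.
    # The devices below must exist at load time; a missing interface makes
    # the whole file fail to load.
    flowtable ft {
        hook ingress priority 0
        devices = { eth0, eth1 }
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        # Hand established TCP/UDP flows to the flowtable for fast-path forwarding
        meta l4proto { tcp, udp } flow add @ft
        ct state established,related accept
        # Only new connections from the LAN side towards the WAN side are allowed
        iifname "eth0" oifname "eth1" accept
    }
}
```

Before reloading, `nft -c -f /etc/nftables/firewall.nft` parses and validates the file (including that the flowtable devices exist) without changing the running ruleset.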