On 01.12.23 at 12:50, You Yu Lu wrote:
Hello netfilter community,

I have a question regarding the dependency of nftables.service.

OS version: Ubuntu 22.04.1 LTS
nftables package version: 1.0.2-1ubuntu2

In the default nftables.service unit file, it has a default dependency that it needs to be started before network-pre.target at boot. Based on my understanding, nftables rules are loaded before the network interfaces are configured.

# /lib/systemd/system/nftables.service
[Unit]
Description=nftables
Documentation=man:nft(8) http://wiki.nftables.org
Wants=network-pre.target
Before=network-pre.target shutdown.target
Conflicts=shutdown.target
DefaultDependencies=no

What is the reason to start the nftables service before networkd is configured by default? Is this the intended behavior for nftables? Or is it fine to modify the service unit file and change the dependency to fit different use cases?
I would be interested to hear a use-case where you want to fire up your network completely unprotected and, after the damage is done, assign rules.
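
For anyone who does edit the unit, a check that the early-boot ordering from the [Unit] section quoted in the question is still in place. This is an added example, not part of the thread and not code from the nftables package; the function names and the MODIFIED sample unit are constructed for illustration.

```python
# Added example: audit a unit file's text for the ordering shown in the
# quoted nftables.service. Both sample units below are embedded so the
# check runs offline; MODIFIED is a constructed "late firewall" variant.

def parse_unit_section(text, section="Unit"):
    """Return {key: [values]} for one section; repeated keys accumulate."""
    settings, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if current != section or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings.setdefault(key.strip(), []).extend(value.split())
    return settings

def audit_firewall_ordering(text):
    """List deviations from the ordering used by the shipped unit."""
    unit = parse_unit_section(text)
    findings = []
    if "network-pre.target" not in unit.get("Before", []):
        findings.append("not ordered Before=network-pre.target")
    # network-pre.target is a passive target: unless something pulls it in
    # with Wants=, it is not part of the boot and Before= orders nothing.
    if "network-pre.target" not in unit.get("Wants", []):
        findings.append("network-pre.target not pulled in via Wants=")
    if unit.get("DefaultDependencies", ["yes"])[-1] != "no":
        findings.append("DefaultDependencies=no missing")
    return findings

SHIPPED = """
# /lib/systemd/system/nftables.service
[Unit]
Description=nftables
Documentation=man:nft(8) http://wiki.nftables.org
Wants=network-pre.target
Before=network-pre.target shutdown.target
Conflicts=shutdown.target
DefaultDependencies=no
"""

MODIFIED = "[Unit]\nDescription=nftables\nAfter=network-online.target\n"

if __name__ == "__main__":
    for name, text in (("shipped", SHIPPED), ("modified", MODIFIED)):
        print(name, audit_firewall_ordering(text) or "ordering intact")
```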