Re: Unit dependency of network-pre.target in nftables.service


 



On Fri, Dec 1, 2023, at 08:43, Serg wrote:
> On 12/1/23 13:15, Reindl Harald wrote:
>> 
>> I would be interested to hear a use-case where you want to fire up your network completely unprotected and after the damage is done assign rules
>> 
>
> For example netdev table

If the devices used in the netdev table chains are virtual (VLAN subinterfaces, bridges, etc.), then you're back in the same situation: you can't create those chains/rules until the interfaces exist.

I'm in a situation like that right now, so I've chosen to copy the nftables service unit file and make a specialized nftables-netdev service unit which has different dependencies and also waits for systemd-networkd to indicate that all of the necessary virtual interfaces have been created.

The 'standard' service unit file is just a starting point, and will only work for the most basic of configurations. Admins should feel free to not use it at all if they wish (I don't), and to create their own service units which properly order things to match their system's requirements.
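
One way a specialized unit of the kind described above could look, as an added example that is not from the original message and is not the poster's own unit. The unit name, the file paths, the binary locations and the interface names `br0` and `vlan100` are all assumptions to be adapted to the system at hand:

```ini
# /etc/systemd/system/nftables-netdev.service  (hypothetical name and path)
[Unit]
Description=Load nftables netdev-family rules once virtual interfaces exist
Documentation=man:nft(8)
# netdev chains bind to a device, so this unit cannot run before
# network-pre.target like the stock unit: it has to start after
# systemd-networkd has created the virtual links.
Wants=systemd-networkd.service
After=systemd-networkd.service

[Service]
Type=oneshot
RemainAfterExit=yes
# Block until networkd reports every listed link as configured.
# br0 and vlan100 are constructed example names; the binary path
# differs between distributions.
ExecStartPre=/usr/lib/systemd/systemd-networkd-wait-online --interface=br0 --interface=vlan100 --timeout=30
# Parse the ruleset without applying it (-c), so a syntax error
# fails the unit instead of leaving a half-loaded table.
ExecStartPre=/usr/sbin/nft -c -f /etc/nftables-netdev.nft
# Apply only the netdev tables; /etc/nftables-netdev.nft is an
# assumed file holding them, kept separate from the main ruleset.
ExecStart=/usr/sbin/nft -f /etc/nftables-netdev.nft
ProtectSystem=full
ProtectHome=true

[Install]
WantedBy=multi-user.target
```

If the wait times out, the unit fails and the netdev rules are not loaded, so its state is worth checking with `systemctl status nftables-netdev.service` after boot.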



