On 01.12.23 at 14:43, Serg wrote:
> On 12/1/23 13:15, Reindl Harald wrote:
>> i would be interested to hear a use-case where you want to fire up your
>> network completely unprotected and after the damage is done assign rules
>
> For example netdev table

how does that change the fact that you *never* want any interface in
up-state before filters are in place? "What is the reason to start
nftable service before networkd configured by default?" has a simple
answer: common sense

anyways - you *never* touch /lib/systemd/system/nftables.service
that's what /etc/systemd/system/nftables.service to *completely* replace
a system unit is for in case a drop-in isn't enough

keep your dirty fingers from files which are part of a package while the
package manager keeps its dirty fingers from /etc
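
An added example, not part of the original message: a shell audit check for the override rule described above, reporting which copy of nftables.service takes effect and whether it is still ordered before network-pre.target. The function names are hypothetical, the lookup is simplified to /etc and /lib only (no /run or /usr/lib), and the sample unit contents are constructed.

```shell
#!/bin/sh
# Simplified model of systemd unit lookup: a file in /etc/systemd/system
# replaces the packaged copy in /lib/systemd/system entirely.

# effective_unit ROOT UNIT -> path of the unit file that wins under ROOT
effective_unit() {
    for dir in etc/systemd/system lib/systemd/system; do
        if [ -f "$1/$dir/$2" ]; then
            printf '%s\n' "$1/$dir/$2"
            return 0
        fi
    done
    return 1
}

# unit_origin ROOT UNIT -> admin-replacement | vendor+drop-in | vendor | missing
unit_origin() {
    path=$(effective_unit "$1" "$2") || { echo missing; return; }
    case $path in
        "$1"/etc/*) echo admin-replacement ;;
        *) if ls "$1/etc/systemd/system/$2.d"/*.conf >/dev/null 2>&1; then
               echo vendor+drop-in
           else
               echo vendor
           fi ;;
    esac
}

# ordered_before_network ROOT UNIT -> exit 0 if the effective unit file or one
# of its /etc drop-ins orders the unit before network-pre.target.
# Before= lists are additive, so a drop-in can add this ordering but not remove it.
ordered_before_network() {
    path=$(effective_unit "$1" "$2") || return 1
    cat "$path" "$1/etc/systemd/system/$2.d"/*.conf 2>/dev/null |
        grep -Eq '^Before=(.* )?network-pre\.target( |$)'
}

# make_sample_root -> temp dir holding a constructed packaged nftables.service
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/lib/systemd/system" "$root/etc/systemd/system"
    printf '[Unit]\nWants=network-pre.target\nBefore=network-pre.target shutdown.target\n' \
        > "$root/lib/systemd/system/nftables.service"
    printf '%s\n' "$root"
}
```

On a live host, `unit_origin / nftables.service` applies the same check to the real tree, and `systemd-delta` lists overrides across all lookup paths.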