Control: tags -1 + security

Hey.

Isn't this also a security issue? I mean:
- a simple systemctl restart will cause a stop first and for a short amount of time, all packets will be allowed... and presumably, if the nft config contains an error, the subsequent start would fail and netfilter would stay completely open
- similarly, during shutdown all rules will be unloaded... if for some reason the networking would be still up and processes running, security could be compromised

IMO, stop should simply be a no-op, perhaps merely printing some text that nothing is done and how a flush would be performed manually.

Cheers,
Chris.

