How should I make changes to the nft ruleset that persist over a reboot? I would have thought that editing /etc/nftables.conf would be one way to do this, but as far as I can tell that file is not getting loaded on reboot. See below: just after reboot the ruleset is empty, but after sourcing /etc/nftables.conf a few rules get added (as expected).
This is being run on a fresh Ubuntu 24.04 VirtualBox install. As far as I know, there's nothing installed that would override nft rulesets (Docker, LXD, VPN, etc.).
root@vbox50:/#
root@vbox50:/# : note that no rulesets are defined
root@vbox50:/# nft list ruleset
root@vbox50:/#
root@vbox50:/#
root@vbox50:/# : now source in /etc/nftables.conf
root@vbox50:/# /etc/nftables.conf
root@vbox50:/#
root@vbox50:/# : now rulesets are defined
root@vbox50:/# nft list ruleset
table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
root@vbox50:/#
root@vbox50:/#
root@vbox50:/# cat /etc/nftables.conf
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority filter;
    }
    chain forward {
        type filter hook forward priority filter;
    }
    chain output {
        type filter hook output priority filter;
    }
}
root@vbox50:/#
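As an added example (not part of the question above, and not code from the nftables project), the script below shows the check-then-enable sequence a practitioner would run on a box like this one. It assumes the Debian/Ubuntu packaging of nftables, where the unit nftables.service runs `nft -f /etc/nftables.conf` on start and only loads that file at boot if the unit has been enabled; the names NFT_CONF, conf_sanity, missing_policy_count and persist are chosen here for illustration. The static checks run anywhere; persist needs root and systemd.

```shell
#!/bin/sh
# Added example: make an nft ruleset file load at boot via nftables.service.
# Assumption (Debian/Ubuntu packaging): the unit's ExecStart is
# "/usr/sbin/nft -f /etc/nftables.conf" and the unit is not enabled by default.
NFT_CONF="${NFT_CONF:-/etc/nftables.conf}"

# conf_sanity FILE: static checks that make FILE safe to load at boot and
# safe to reload repeatedly. Returns 0 when it passes, 1 otherwise.
conf_sanity() {
    f="$1"
    rc=0
    # a missing or unreadable file would make the service fail at boot
    [ -r "$f" ] || { echo "$f: not readable"; return 1; }
    # "flush ruleset" must come before the first table: without it every
    # reload (systemctl reload, or re-running nft -f) appends duplicate rules
    # to the chains that already exist
    first=$(grep -E '^[[:space:]]*(flush ruleset|table )' "$f" | head -n1)
    case "$first" in
        *"flush ruleset"*) ;;
        *) echo "$f: no 'flush ruleset' before the first table"; rc=1 ;;
    esac
    return $rc
}

# missing_policy_count FILE: number of base chains with no explicit policy.
# nft defaults such chains to "policy accept", which is why the question's
# file shows "policy accept" once loaded: it filters nothing yet.
missing_policy_count() {
    grep -E 'type [a-z]+ hook' "$1" | grep -vc 'policy ' || true
}

# persist: verify the file, confirm the unit really references it, then
# enable the unit. "--now" also applies the file immediately.
persist() {
    command -v systemctl >/dev/null 2>&1 || { echo "no systemd here"; return 2; }
    conf_sanity "$NFT_CONF" || return 1
    n=$(missing_policy_count "$NFT_CONF")
    [ "$n" = 0 ] || echo "note: $n base chain(s) fall back to policy accept"
    # parse-only dry run: reports syntax errors without touching the ruleset
    nft -c -f "$NFT_CONF" || return 1
    systemctl cat nftables.service 2>/dev/null | grep -q "nft -f $NFT_CONF" \
        || echo "warning: nftables.service does not load $NFT_CONF"
    systemctl enable --now nftables.service || return 1
    systemctl is-enabled nftables.service
}

# run the full sequence only when explicitly asked, so the file can also be
# sourced just for its check functions
if [ "${1:-}" = "--apply" ]; then
    persist
fi
```

After `persist` reports `enabled`, a reboot followed by `nft list ruleset` should show the tables from the file; `systemctl status nftables.service` shows the `nft -f` invocation and any parse error if it does not. Note that the unit's ExecStop flushes the ruleset, so stopping the service removes the firewall rather than leaving the last ruleset in place.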