# cat /etc/rocky-release
Rocky Linux release 9.2 (Blue Onyx)
# systemctl status nftables.service
○ nftables.service - Netfilter Tables
Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; preset: disabled)
Active: inactive (dead)
Docs: man:nft(8)
# grep Exec /usr/lib/systemd/system/nftables.service
ExecStart=/sbin/nft -f /etc/sysconfig/nftables.conf
ExecReload=/sbin/nft 'flush ruleset; include "/etc/sysconfig/nftables.conf";'
ExecStop=/sbin/nft flush ruleset
# cat /etc/sysconfig/nftables.conf
#...
#include "/etc/nftables/main.nft"
#...
# start by calling: 'nft list ruleset >/etc/sysconfig/nftables.conf'.
# tree /etc/nftables
/etc/nftables
├── main.nft
├── nat.nft
├── osf/
│   └── pf.os
└── router.nft
# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running)
# nft list ruleset
table inet firewalld {
chain mangle_PREROUTING {
...
}