On Tue, Oct 4, 2022 at 2:32 AM Anssi Saari <a...@sci.fi> wrote:
> Dave Parker <dpar...@utica.edu> writes:
>
> > So, I copied /lib/systemd/system/nftables.service to
> > /etc/systemd/system/nftables.service, set
> > ProtectHome=false, ran "systemctl daemon-reload", and now it works!
>
> Well, good, but why not put configuration data in /etc instead of /root
> where it belongs and keep the service as is?
>
> Personally I have my main or common rules in /etc/nftables.conf and have
> in there include "/etc/nftables.conf.d/*" so that I can add extra input
> rules for different computers.

You're right that it probably should just go in /etc/nftables.conf. This was mostly just for testing; I had a fairly large ruleset in a file which was converted from an iptables script on another server, and instead of pasting that all into nftables.conf, I was hoping to keep it separate and use include to read it. Moving that to a location other than /root is the solution. Thanks!
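A check for the situation discussed in this thread, as an added example that is not part of the original messages: it lists the `include` paths in an nftables config that a service cannot read when its unit keeps `ProtectHome=true`, which hides /home, /root and /run/user from the service. The function name `find_hidden_includes` and the sample ruleset are constructed for illustration, and the example assumes absolute include paths without resolving symlinks.

```shell
#!/bin/sh
# Added example, not code from the thread.
# With ProtectHome=true, systemd makes /home, /root and /run/user
# inaccessible to the service, so nft cannot read includes stored there.

# find_hidden_includes FILE
# Prints every include path in FILE that lies under a directory hidden
# by ProtectHome=true, one per line. Prints nothing if all are readable.
find_hidden_includes() {
    conf=$1
    # Take the quoted argument of each include statement. Lines starting
    # with '#' are comments and do not match the pattern.
    sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
    while IFS= read -r path; do
        case $path in
            /home|/home/*|/root|/root/*|/run/user|/run/user/*)
                printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample config: one include in /etc, one in /root,
# one commented out, one indented under /home.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/usr/sbin/nft -f
flush ruleset
include "/etc/nftables.conf.d/*"
include "/root/converted-iptables.nft"
# include "/home/admin/old.nft"
  include "/home/admin/extra.nft"
EOF

hidden=$(find_hidden_includes "$sample")
rm -f "$sample"

if [ -n "$hidden" ]; then
    echo "Move these under /etc so the unit can keep ProtectHome=true:"
    printf '%s\n' "$hidden"
fi
```

Run it against /etc/nftables.conf before enabling the service; any path it prints should move under /etc rather than loosening the unit.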