Custom firewall rules not loading with proxmox-firewall and nftables

cwoelkers (Renowned Member, joined Aug 17, 2017):
I have an internal vnet with systems that need access to the Internet. With the newer proxmox-firewall I was able to create a new table with the necessary rules and save the changes to /etc/nftables.conf, but the rules are not loaded at boot. The documentation says this on custom rules: "If you want to create custom rules that live outside the Proxmox VE firewall configuration you can create your own tables to manage your custom firewall rules. proxmox-firewall will only touch the tables it generates, so you can easily extend and modify the behavior of the proxmox-firewall by adding your own tables." So while what I want to do is possible, that same documentation makes no mention of saving the rules you create or making them persistent so they load during boot. I have tested loading the saved rules manually with "nft -f /etc/nftables.conf", but that only works if I log in via a shell first.
One idea is to add a script to the proxmox-firewall.service configuration to save all rules on shutdown and have the service run "nft -f /etc/nftables.conf" after it has started. But I see that as a workaround at best and not a fix.

So does anyone know if there is a recommended way to keep custom nftables rules persistent?
 
Sorry, I have the same problem, and also my cloud provider has a public IP on vmbr0, but the bridge isn't available when it loads...
[attached screenshot: 1759188548177.png]
The result is the same: the table is empty.

If you've found a solution, could you please show it to us?
I have thought about delaying loading the service until the bridge is available. I'm afraid any loop that causes would stop the system from continuing to boot.
 
Try using oifname instead of oif, oifname doesn't need the interface to exist when creating the rule (albeit at a small performance cost).
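As an added example (not code from the thread or from the Proxmox project), the following shell functions put the two pieces together: a custom nftables table saved to /etc/nftables.conf that uses oifname so it loads before vmbr0 exists, and a systemd drop-in that runs "nft -f /etc/nftables.conf" after proxmox-firewall.service has started, which is the ExecStartPost variant of the workaround from the first post. The table name custom_nat, the drop-in file name custom-rules.conf and the 10.10.0.0/24 subnet are assumptions; the ROOT prefix exists only so the functions can be exercised against a scratch directory, and on a real host they are run as root with ROOT unset.

```shell
#!/bin/sh
# Added example, not from the thread: persist a custom nftables table beside
# proxmox-firewall and reload it once the service is up.
# ROOT is a prefix for testing in a scratch directory; leave it empty on a host.
ROOT="${ROOT:-}"

write_custom_table() {
    # The thread already uses /etc/nftables.conf; "nft -f" loads it as-is.
    dir="$ROOT/etc"
    mkdir -p "$dir"
    cat > "$dir/nftables.conf" <<'EOF'
#!/usr/sbin/nft -f
# Declare the table, then delete it, so re-running "nft -f" replaces the
# rules instead of appending duplicates (deleting a missing table errors).
table inet custom_nat
delete table inet custom_nat

table inet custom_nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # oifname matches by interface name, so the rule loads even when
        # vmbr0 does not exist yet at boot (oif would need the index).
        # 10.10.0.0/24 is a constructed subnet standing in for the internal vnet.
        ip saddr 10.10.0.0/24 oifname "vmbr0" masquerade
    }
}
EOF
}

write_service_dropin() {
    # systemd drop-in: leaves the packaged unit untouched and runs the
    # custom rule set right after proxmox-firewall has started.
    dir="$ROOT/etc/systemd/system/proxmox-firewall.service.d"
    mkdir -p "$dir"
    cat > "$dir/custom-rules.conf" <<'EOF'
[Service]
ExecStartPost=/usr/sbin/nft -f /etc/nftables.conf
EOF
}

check_files() {
    # Returns 0 when both files exist and the rule set matches by oifname.
    [ -f "$ROOT/etc/nftables.conf" ] || return 1
    [ -f "$ROOT/etc/systemd/system/proxmox-firewall.service.d/custom-rules.conf" ] || return 1
    grep -q 'oifname "vmbr0"' "$ROOT/etc/nftables.conf" || return 1
    grep -q '^delete table inet custom_nat$' "$ROOT/etc/nftables.conf"
}
```

After writing the files on a host, run "systemctl daemon-reload" and restart proxmox-firewall.service, then confirm with "nft list table inet custom_nat" that the table is populated after a reboot. Because proxmox-firewall only touches the tables it generates, the custom table survives its reloads, and the declare-then-delete header keeps repeated loads from stacking duplicate rules.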