Mirror of https://github.com/containers/netavark.git, synced 2026-02-05 06:45:56 +01:00

On systems using nftables directly without firewalld, restarting the nftables.service would flush all of Netavark's rules, breaking container networking.

This introduces a new "oneshot" command, `netavark firewall-reload`, which reads the container network state from /run/containers/netavark/ and re-applies all necessary firewall rules.

To automate this, a new systemd service, `netavark-nftables-reload.service`, is added. This service is procedurally linked to `nftables.service` and triggers the reload command automatically whenever the main nftables service is started or reloaded.

Fixes: #1258

Signed-off-by: Rishikpulhani <rishikpulhani@gmail.com>