nixos-firewall-tool: broken with nf_tables

[6543]

Describe the bug

use nftables over iptables on your system and try to use the nixos-firewall-tool to open a port temporary ...

Steps To Reproduce

Steps to reproduce the behavior:

1. set networking.nftables.enable = true; on your nixos
2. open a shell with nixos-firewall-tool (nix shell nixpkgs#nixos-firewall-tool)
3. try to use it e.g. sudo nixos-firewall-tool show, sudo nixos-firewall-tool open tcp 3000, ...

Expected behavior

working ports etc...

Screenshots

Additional context

Add any other context about the problem here.

Notify maintainers

@clerie

Metadata

• system: "x86_64-linux"
• host os: Linux 6.10.1-zen1, NixOS, 24.05 (Uakari), 24.05.20241031.a500034
• multi-user?: yes
• sandbox: yes
• version: `nix-env (Lix, like Nix) 2.91.1
• nixpkgs: /nix/store/c73xqpp5pfzfiqfz5d89bn945fqdhgx1-source

---

Add a 👍 reaction to issues you find important.

[6543]

nft add rule inet nixos-fw input-allow tcp dport 3234 accept comment "added_by_nixos-firewall-tool"

nft -a list chain inet nixos-fw input-allow | grep added_by_nixos-firewall-tool

nft delete rule inet nixos-fw input-allow handle 23

[6543]

looks like cabbab1 (#324615) solved it already ... can we backport it?

[nbdd0121]

This is known, which is why nixos-firewall-tool is not added to system packages if you use nftables.

Given that 24.11 is close, I think we probably shouldn't backport it.

[6543]

should we have this issue open and backport it after 24.11 is out?
or close it and mark it as solved?

[nbdd0121]

What do you mean by backport after 24.11 is out? #324615 will be in 24.11.

If we don't backport to 24.05 then there's nothing to act.