Package: nftables
Version: 1.1.3-1
Severity: important

Dear Maintainer,

During an unattended-upgrade from nftables version 1.1.2-1 to 1.1.3-1, my containers with exposed ports no longer work until I restart them.

It seems that during the package upgrade, nftables.postinst tried to restart nftables.service and executed the command line specified in the ExecStop= directive, which flushed the whole ruleset. Although nftables rules can be loaded from /etc/nftables.conf via ExecStart=, all iptables rules were lost and exposed ports for my containers stopped working.

I didn't expect the whole ruleset to be flushed during a package upgrade, as that breaks all applications maintaining iptables rules at runtime.

-- System Information:
Debian Release: 13.0
  APT prefers testing-security
  APT policy: (500, 'testing-security'), (500, 'testing')
Architecture: amd64 (x86_64)

Versions of packages nftables depends on:
ii  libc6         2.41-9
ii  libedit2      3.1-20250104-1
ii  libnftables1  1.1.3-1

Versions of packages nftables recommends:
ii  netbase  6.5

Versions of packages nftables suggests:
pn  firewalld  <none>

-- no debconf information
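
Added example, not part of the original report: a shell check that compares two saved `nft list tables` listings, taken before and after an upgrade, and prints the tables that disappeared. It assumes the iptables rules are stored as nftables tables; the sample listings, table names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): list nftables tables that vanished
# between two snapshots of `nft list tables`, e.g. taken around an upgrade.

# Reduce a listing to sorted, unique "<family> <name>" pairs.
normalise_tables() {
    awk '$1 == "table" && NF >= 3 { print $2, $3 }' | LC_ALL=C sort -u
}

# lost_tables BEFORE_FILE AFTER_FILE
# Prints every table present in BEFORE_FILE but missing from AFTER_FILE.
lost_tables() {
    lt_before=$(mktemp)
    lt_after=$(mktemp)
    normalise_tables < "$1" > "$lt_before"
    normalise_tables < "$2" > "$lt_after"
    LC_ALL=C comm -23 "$lt_before" "$lt_after"
    rm -f "$lt_before" "$lt_after"
}

# Constructed sample: one table loaded from /etc/nftables.conf plus two tables
# assumed to be maintained at runtime through the iptables tooling.
demo_lost_tables() {
    demo_before=$(mktemp)
    demo_after=$(mktemp)
    cat > "$demo_before" <<'EOF'
table inet filter
table ip nat
table ip filter
EOF
    cat > "$demo_after" <<'EOF'
table inet filter
EOF
    lost_tables "$demo_before" "$demo_after"
    rm -f "$demo_before" "$demo_after"
}

demo_lost_tables
```

On a live system the two input files would come from `nft list tables > before.txt` and `nft list tables > after.txt`; any line printed names a table that was not restored by reloading /etc/nftables.conf.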