This patchset makes "nftables-service-type" extendable, so other services could open ports. I wrote this to be able to use libvirt with nftables (another patch is coming about that) like this:

--8<---------------cut here---------------start------------->8---
(simple-service 'nftables-libvirt nftables-service-type
  (list "# Libvirt?
add rule inet guix forward ct state established,related accept
add rule inet guix forward iifname \"virbr*\" accept
add chain inet guix libvirt
insert rule inet guix input iifname \"virbr*\" jump libvirt
insert rule inet guix libvirt udp dport 53 accept
insert rule inet guix libvirt tcp dport 53 accept
insert rule inet guix libvirt udp dport 67 accept
"))
--8<---------------cut here---------------end--------------->8---

So this should make it possible to implement Solene's "simple-firewall-service"¹ by simply extending "nftables-service-type".

Also, now, stopping nftables only removes the "guix" table, so other software can use their own namespaces without being purged when that service is stopped.

WDYT?

¹

Brice Waegeneire (2):
  services: nftables: Only manage delete our own table.
  services: nftables: Make it extendable.

 gnu/services/networking.scm | 51 +++++++++++++++++++++++++++++--------
 1 file changed, 41 insertions(+), 10 deletions(-)

-- 
2.31.1
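As an added example (not code from the patch or from Guix), the script below assembles a base "guix" table with the libvirt fragment from the cover letter the way an extension of nftables-service-type would concatenate them, so the combined ruleset can be dry-run with `nft -c -f` before it is loaded; the base table and its chains are an assumption, only the libvirt rules come from the message.

```bash
#!/bin/sh
# Added example, not from the patch: compose base rules plus an extension
# fragment and syntax-check the result without applying it.
set -eu

# Assumed base table (not on the page): everything lives in the "guix"
# namespace so stopping the service can `nft delete table inet guix` and
# leave tables owned by other software untouched.
base_rules() {
  cat <<'EOF'
add table inet guix
add chain inet guix input { type filter hook input priority 0; policy drop; }
add chain inet guix forward { type filter hook forward priority 0; policy drop; }
add rule inet guix input iif lo accept
add rule inet guix input ct state established,related accept
EOF
}

# Extension fragment exactly as given for the libvirt simple-service.
libvirt_rules() {
  cat <<'EOF'
# Libvirt
add rule inet guix forward ct state established,related accept
add rule inet guix forward iifname "virbr*" accept
add chain inet guix libvirt
insert rule inet guix input iifname "virbr*" jump libvirt
insert rule inet guix libvirt udp dport 53 accept
insert rule inet guix libvirt tcp dport 53 accept
insert rule inet guix libvirt udp dport 67 accept
EOF
}

# Base first, then each extension in order; `nft -f` loads the file as one
# transaction, so a malformed fragment rejects the whole ruleset.
compose_ruleset() {
  base_rules
  libvirt_rules
}

# Dry-run the assembled file. Returns 0 when it parses (or nft is absent),
# non-zero if a fragment is malformed. `nft -c` needs the same privileges
# as loading, so run it where the real service would run.
check_ruleset() {
  command -v nft >/dev/null 2>&1 || return 0
  f=$(mktemp)
  compose_ruleset >"$f"
  nft -c -f "$f" && rc=0 || rc=$?
  rm -f "$f"
  return "$rc"
}
```

Note that `insert rule` prepends, so the last `insert` in a fragment ends up first in its chain; order fragments accordingly.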