📖 ~1 min read
Table of contents
Symptom & Impact
Manual nftables rules disappear or do not match what’s expected after reload.
Environment & Reproduction
When both raw nft rules and firewalld try to manage the same chains.
rpm -q firewalld nftables
firewall-cmd --stateRoot Cause Analysis
firewalld owns the same chains and flushes manual additions on reload.
Quick Triage
List active tables and the firewalld backend.
nft list ruleset | head -60
firewall-cmd --get-zone-of-interface=eth0Step-by-Step Diagnosis
Identify which subsystem currently owns the rules.
firewall-cmd --permanent --direct --get-all-rules
nft list tables
Solution – Primary Fix
Pick a single owner; use direct rules in firewalld or disable firewalld.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 8080 -j ACCEPT
firewall-cmd --reload
Solution – Alternative Approaches
Disable firewalld and manage nftables directly via /etc/nftables.
systemctl disable --now firewalld
systemctl enable --now nftablesVerification & Acceptance Criteria
Rules persist across reload and reboot.
nft list ruleset | grep 8080
reboot && ssh ... # verify post-bootRollback Plan
Re-enable firewalld and remove manual nft files.
systemctl enable --now firewalldPrevention & Hardening
Document the chosen owner and gate changes through CI.
git -C /etc/firewalld log --oneline | headRelated Errors & Cross-Refs
Rules missing after reload, double NAT, dropped packets.
Related tutorial: View the step-by-step tutorial for centos-stream-10.
View all centos-stream-10 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
firewalld direct interface docs, nftables guide.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
