The current behavior stomps on the rules that programs like podman or tailscale set up for port forwarding. With this change, we split port forwardings into a separate chain, which allows us to create the ruleset once at startup and then only update the port forwardings specifically (the only dynamic part of router7’s nftables ruleset).
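The split described above, sketched as an added shell example that is not router7's own code: a base ruleset loaded once at startup, and a per-update batch that flushes and refills only the forwarding chain. The table name `example_nat`, the chain names and the `proto:port:ip:port` spec format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; table/chain names and the spec format are hypothetical.
TABLE="ip example_nat"
CHAIN="portforwardings"

# Loaded once at startup. Only our own table is named (no "flush ruleset"),
# so tables created by other programs are never touched.
base_ruleset() {
  cat <<EOF
add table $TABLE
flush table $TABLE
add chain $TABLE $CHAIN
add chain $TABLE prerouting { type nat hook prerouting priority -100; policy accept; }
add rule $TABLE prerouting jump $CHAIN
EOF
}

valid_port() {
  case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old=$IFS; IFS=.; set -- $1; IFS=$old
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# Prints the dynamic part only: flush the dedicated chain, re-add the DNAT
# rules. Every field is validated because the text is fed to "nft -f", and
# nothing is printed unless all specs are valid.
portfwd_batch() {
  out="flush chain $TABLE $CHAIN"
  for spec in "$@"; do
    IFS=: read -r proto port ip dport extra <<EOF
$spec
EOF
    case "$proto" in tcp|udp) ;; *) proto= ;; esac
    [ -n "$proto" ] && [ -z "$extra" ] && valid_port "$port" &&
      valid_ipv4 "$ip" && valid_port "$dport" ||
      { echo "bad forwarding: $spec" >&2; return 1; }
    out="$out
add rule $TABLE $CHAIN $proto dport $port dnat to $ip:$dport"
  done
  printf '%s\n' "$out"
}
# Usage (as root): base_ruleset | nft -f -   then, on each change:
#   portfwd_batch tcp:8080:10.0.0.5:80 | nft -f -
```

Each `nft -f` invocation is applied as one transaction, so the forwarding chain is never observed half-updated.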