File _service:tar_scm:backport-chore-nftables-add-de... of Package firewalld

File _service:tar_scm:backport-chore-nftables-add-delete-table-helper.patch of Package firewalld

From 8be561d26931832f000526cc41293700faa6c877 Mon Sep 17 00:00:00 2001
From: Eric Garver <eric@garver.life>
Date: Mon, 14 Aug 2023 09:13:29 -0400
Subject: [PATCH] chore(nftables): add delete table helper

This is to workaround an nftables issue where using the "delete" verb on
a table that does not exist will throw ENOENT. We can't use the newer
"destroy" verb because it's too new to rely upon.

A simple hack is to always add the table before deleting it. The "add"
is ignored if the table already exists.

Conflict: NA
Reference: https://github.com/firewalld/firewalld/commit/8be561d26931832f000526cc41293700faa6c877

---
 src/firewall/core/nftables.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py
index f269afa9..ce8cb5e7 100644
--- a/src/firewall/core/nftables.py
+++ b/src/firewall/core/nftables.py
@@ -383,6 +383,17 @@ class nftables:
         # Tables always exist in nftables
         return [table] if table else IPTABLES_TO_NFT_HOOK.keys()
 
+    def _build_delete_table_rules(self, table):
+        # To avoid nftables returning ENOENT we always add the table before
+        # deleting to guarantee it will exist.
+        #
+        # In the future, this add+delete should be replaced with "destroy", but
+        # that verb is too new to rely upon.
+        return [{"add": {"table": {"family": "inet",
+                                   "name": table}}},
+                {"delete": {"table": {"family": "inet",
+                                      "name": table}}}]
+
     def build_flush_rules(self):
         # Policy is stashed in a separate table that we're _not_ going to
         # flush. As such, we retain the policy rule handles and ref counts.
-- 
2.33.0