[CentOS] CentOS 8 and nftables default policy

Fri Apr 17 09:01:14 UTC 2020
Alessandro Baggi <alessandro.baggi at gmail.com>

Hi list,

I'm studying nftables. I'm using CentOS 8.1 (Gnome) and I disabled 
firewalld. I noticed that a default policy is created with tables and 
chains probably for firewalld.

So I created a .nft script where I stored my rules with a flush for the 
previous ruleset, then saved it to /etc/sysconfig/nftables.conf and 
enabled the nftables service.

Running the script with nft -f script.nft, everything works as expected, but 
after rebooting, running nft list ruleset I find my rules plus the default 
policy (chains and tables) that I would not have in my configuration.

My nftables.conf contains only my ruleset.

For example, running nft list tables I find several default tables like:

table ip filter
table ip6 filter
table bridge filter
table ip nat
table ip mangle

So probably there is something that is applying its own policy, but I don't 
know what it is.

Can someone point me in the right direction?

Thank you in advance.
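A check for the situation described in this post, added here as an example and not part of the original message: it compares the tables declared in an nftables.conf against the tables live after boot and prints the ones that the config never declared, i.e. the ones some other component must be creating. The config and the nft list tables output below are constructed samples; against a real host you would feed it the real file and the real command output.

```shell
#!/bin/sh
# Added example: find tables that are live but not declared in the config.
# Assumes the config declares tables with lines of the form
# "table <family> <name> {" (the syntax nft -f reads).

# Constructed sample config, modelled on the post: flush, then one table.
SAMPLE_CONF='flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        tcp dport 22 accept
    }
}'

# Constructed sample of "nft list tables" after reboot, as seen in the post.
SAMPLE_LIVE='table inet filter
table ip filter
table ip6 filter
table bridge filter
table ip nat
table ip mangle'

# table_names TEXT -> unique "family name" pairs from every line that
# starts with the keyword "table" (works for both the config and the
# output of "nft list tables"). LC_ALL=C keeps the sort order stable.
table_names() {
    printf '%s\n' "$1" | awk '$1 == "table" && NF >= 3 { print $2, $3 }' \
        | LC_ALL=C sort -u
}

# unexpected_tables CONF_TEXT LIVE_TEXT -> live tables the config never
# declared, one "family name" per line.
unexpected_tables() {
    declared=$(table_names "$1")
    table_names "$2" | while IFS= read -r t; do
        printf '%s\n' "$declared" | grep -Fxq -- "$t" || printf '%s\n' "$t"
    done
}

# Demo on the constructed samples. On a real host (as root) run instead:
#   unexpected_tables "$(cat /etc/sysconfig/nftables.conf)" "$(nft list tables)"
unexpected_tables "$SAMPLE_CONF" "$SAMPLE_LIVE"
```

Every table the check reports was created by something other than the config file, which narrows down where to look next.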