Allow NftablesFlowtable to specify interfaces that is not yet prepared when firewalld initializes

[karuboniru]

What would you like to be added

I was trying enable flow table optimization to some wireguard interface and bridge. Those interfaces are not present when firewalld starts. In this case, seems that firewalld thinks the whole firewalld.conf is invaild and reset it to default.... (Trust me it takes me sometime to realize why my configuration was reset everytime after reboot).

This can be confusing and quite disappointing since most intensive forwarding happens between some kind of bridges, which can usually be created by things like NetworkManager for most people building routers.

Though onecould add things like dependency to NetworkManager-wait-online but I think it is not always a good idea since this will allow some time window that some interfaces are configured but firewall is not there.

Why is this needed

See above.

[karuboniru]

And everytime when the reset of configuration happens following logs is recorded:

10月 22 04:37:36 epyc-server firewalld[1840]: ERROR: 'python-nftables' failed: internal:0:0-0: Error: Could not process rule: 没有那个文件或目录
                                               
                                               internal:0:0-0: Error: Could not process rule: 没有那个文件或目录
<very long JSON object, retracted>

没有那个文件或目录 should be the translation of no such files or directory

[erig0]

This is difficult. It would require firewalld to listen for device/interface creation. Currently firewalld doesn't manage interfaces in any way.