@RL_Dane @justine We had a deeply flawed firewall DSL in Chef that supported multiple backends, but it was exhausting and continually unmaintained. I don’t know if the nftables backend ever got implemented. I was trying to break it apart last year.
But @mwl introduced me to NetBSD’s blocklistd a bit ago and it’s a lovely single-purpose tool supporting many backends.