RFE: firewall combine setup_network and setup_port_forward into one function

[Luap99]

Splitting the logic into two separate functions just seems to make the code more complicated, looking at iptables where we mostly use different table that may have made more sense but if we consider the nftables driver this seems like the wrong choice.

For nftables we only need to dump the rules once yet because the code is split into two functions calls we end up dumping the ruleset twice which makes things slower than it needs to be.

netavark/src/firewall/nft.rs

Line 94 in ad066d4

let existing_rules = helper::get_current_ruleset(None, None)?;

netavark/src/firewall/nft.rs

Line 548 in ad066d4

let existing_rules = helper::get_current_ruleset(None, None)?;

The same goes for the teardown functions.

[shivkr6]

Does this need to be done for all firewall driver implementations (iptables, nftables, firewalld, fwnone)?

[Luap99]

Yes this would need be done for all drivers.