We have default table names like
```
table ip filter
table ip6 filter
table ip nat
table ip6 nat
table inet mangle
table ip raw
table ip6 raw
table ip mangle
table ip6 mangle
```
I propose to change names to `vyos_xxx`:
```
table ip vyos_filter
table ip6 vyos_filter
table ip vyos_nat
table ip6 vyos_nat
table inet vyos_mangle
table ip vyos_raw
table ip6 vyos_raw
table ip vyos_mangle
table ip6 vyos_mangle
```
It can prevent overlap with some customer rules or some custom apps which can affect the firewall configuration
Just one example, `tailscale` by default can add its own firewall rules to `filter` and `nat`
```
vyos@r14# sudo nft list table filter
table ip filter {
chain VYOS_FW_FORWARD {
type filter hook forward priority filter; policy accept;
jump VYOS_POST_FW
}
chain VYOS_FW_LOCAL {
type filter hook input priority filter; policy accept;
jump VYOS_POST_FW
}
...
chain ts-input {
iifname "lo" ip saddr 100.116.x.88 counter packets 0 bytes 0 accept
iifname != "tailscale0" ip saddr 100.115.x.0/23 counter packets 0 bytes 0 return
iifname != "tailscale0" ip saddr 100.64.0.0/10 counter packets 0 bytes 0 drop
}
chain ts-forward {
iifname "tailscale0" counter packets 0 bytes 0 meta mark set 0x40000
mark 0x40000 counter packets 0 bytes 0 accept
oifname "tailscale0" ip saddr 100.64.0.0/10 counter packets 0 bytes 0 drop
oifname "tailscale0" counter packets 0 bytes 0 accept
}
}
[edit]
vyos@r14#
table ip nat {
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
counter packets 195 bytes 19483 jump VYOS_PRE_DNAT_HOOK
}
...
chain ts-postrouting {
mark 0x40000 counter packets 0 bytes 0 masquerade
```
It will cause a commit error:
```
vyos@r14# compare
+firewall {
+ name FOO {
+ default-action drop
+ rule 10 {
+ action accept
+ }
+ }
+}
[edit]
vyos@r14# commit
[ firewall ]
Failed to apply firewall
[[firewall]] failed
Commit failed
[edit]
vyos@r14#
```
Rename tables to `vyos_xxx` can prevent such issues in the future.