network/networkd-address: don't set up firewall rules here

Don't set up firewall rules when we're just initializing the firewall context
for NFT sets.

Fixes: #30257

diff --git a/src/network/networkd-address.c b/src/network/networkd-address.c
index c1a8cd884a81528af0c3219bff855a501cc6d359..70711376767b43e7cd4466da5b1b3e973859320d 100644 (file)
--- a/src/network/networkd-address.c
+++ b/src/network/networkd-address.c
@@ -645,7 +645,7 @@ static void address_modify_nft_set_context(Address *address, bool add, NFTSetCon
         assert(nft_set_context);
 
         if (!address->link->manager->fw_ctx) {
-                r = fw_ctx_new(&address->link->manager->fw_ctx);
+                r = fw_ctx_new_full(&address->link->manager->fw_ctx, /* init_tables= */ false);
                 if (r < 0)
                         return;
         }