So, we can run Managed without firewalld active - tested that and it seems to be working as expected.

However, when the hosts are rebooted, the nftables ruleset is cleared and the Dynatrace firewall.sh script fails to load the nftables rules back (timeout), as it seemingly relies on firewalld - see output of firewall.sh status below.

./dynatrace.sh status
Redirecting to /bin/systemctl status dynatrace-firewall.service
× dynatrace-firewall.service - Dynatrace Firewall settings
Loaded: loaded (/etc/systemd/system/dynatrace-firewall.service; enabled; preset: disabled)
Active: failed (Result: timeout) since Thu 2026-04-09 15:28:55 SAST; 2min 15s ago
Main PID: 1617
CPU: 259ms

Apr 09 15:29:01 redacted.co.za firewall.sh[18570]: Error: Could not process rule: No such file or directory
Apr 09 15:29:01 redacted.co.za firewall.sh[18570]: insert rule inet firewalld mangle_PREROUTING jump dt_mangle_PREROUTING
Apr 09 15:29:01 redacted.co.za firewall.sh[18570]: ^^^^^^^^^
Apr 09 15:29:01 redacted.co.za firewall.sh[18576]: Error: Could not process rule: No such file or directory
Apr 09 15:29:01 redacted.co.za firewall.sh[18576]: insert rule inet firewalld filter_INPUT jump dt_filter_INPUT
Apr 09 15:29:01 redacted.co.za firewall.sh[18576]: ^^^^^^^^^
Apr 09 15:29:01 redacted.co.za firewall.sh[18578]: Error: Could not process rule: No such file or directory
Apr 09 15:29:01 redacted.co.za firewall.sh[18578]: insert rule inet firewalld filter_FORWARD jump dt_filter_FORWARD
Apr 09 15:29:01 redacted.co.za firewall.sh[18578]: ^^^^^^^^^
Apr 09 15:29:01 redacted.co.za firewall.sh[1617]: Adding rules ... failed.

 How do we get around this, and future proof it so that when Managed updates are applied, we do not have to redo all of the work manually again?

The current /etc/dynatrace.conf lists the following re: firewall

FIREWALL_ENABLED = true
FIREWALL_TYPE_DETECTION = on
FIREWALL_TYPE = nftables