fix nftables (firewall) mechanism

install.py

@@ -149,6 +149,7 @@ def router(**opts):
     if not opts:
         return None
     try:
+        os.remove(join(TOOLS, 'to_system/etc/nftables.conf'))
         with open(f'{TOOLS}/requirements.txt') as f:
             pip_requirements['root']['tools'] = f.read()
     except FileNotFoundError:
@@ -193,7 +194,7 @@ def pip():
                     os.remove(tmpname)
             else:
                 print(pipcmd)
-            # unix_cmd(pipcmd, stdout=None)
+            unix_cmd(pipcmd, stdout=None)
             show.dirty = True
 
 
@@ -506,7 +507,7 @@ def handle_config():
         if parser.has_section(section):
            servicecfg = service_func(**dict(parser[section]))
         else:
-           servicecfg = None
+           servicecfg = service_func()  # allow to handle missing service
         result = unix_cmd('systemctl show -p WantedBy -p ActiveState %s' % service, True)
         active = False
         enabled = False
@@ -522,6 +523,12 @@ def handle_config():
             if enabled:
                 unix_cmd('systemctl disable %s' % service)
                 show.dirty = True
+            if service == 'router' and active or enabled:
+                if doit:
+                     shutil.copy(join(TOOLS, 'nftables.conf'), '/etc/nftables.conf')
+                else:
+                     print('cp nftables.conf /etc/nftables.conf')
+                unix_cmd('systemctl restart nftables')
         else:
             if not enabled:
                 to_start[service] = 'enable'