Yeah, it needs those rules for e.g. port-forwarding into the containers.
But it doesn't really ‘nuke’ existing ones.
I have simply placed my rules at higher priority than normal. Very simple in nftables and good to not have rules mixed between nftables and iptables in unexpected ways.
You should filter as early as possible anyway to reduce resource usage on e.g. connection tracking.
Big reason why I switched to kopia, borg just doesn't cut it anymore…