New comment by ailiop-git on void-packages repository

https://github.com/void-linux/void-packages/pull/31145#issuecomment-849550647

Comment:

I generally dislike splitting config files over those ``blah.d`` dirs (especially when they're scattered around the hier like sysctl.d..), but that's just a personal preference. If this change indeed serves a real and actual need right now, then so be it.

My only two other comments would be:

The naming of the ``rule`` var may be misleading; those are ``ruleset`` fragments (technically tables, since this is the minimum granule that iptables can operate on, but oh well), rather than individual filtering rules being loaded at every iteration.

Also, why not just ``cat /etc/iptables/iptables.rules /etc/iptables.d/*.rules | iptables-restore`` so that the entire aggregated ruleset will be loaded in one go rather than invoking iptables-restore repeatedly? This would simplify and avoid the need to add the --noflush flag and the counter/exit code issue altogether.