And re: declarative, `nft -f foo` loads rules from the file named `foo`, and some distros like Debian define an nftables service that will use this to load `/etc/nftables.conf` etc.
Or if you want to use firewalld you can configure it to use its nftables backend.
Or if you want to use firewalld you can configure it to use its nftables backend.