feat(nft): add source IP filtering for DNAT rules and expose table existence checks

ts/nft.manager.ts

@@ -133,6 +133,22 @@ export class SmartNftables {
     this.hasFilterChains = false;
   }
 
+  /**
+   * Check if the managed nftables table exists in the kernel.
+   * Returns false if not root, not initialized, or the table was removed externally.
+   */
+  public async tableExists(): Promise<boolean> {
+    if (!this.executor.isRoot() || !this.initialized) {
+      return false;
+    }
+    try {
+      await this.executor.exec(`nft list table ${this.family} ${this.tableName}`);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
   /**
    * Get status report of the managed nftables state.
    */