Enable nftables support (needs nf_tables* kernel modules)

[skrueger8]

Hi,

Debian Buster will use nftables instead of iptables, see https://wiki.debian.org/nftables

Starting with Debian Buster, nf_tables is the default backend when using iptables, by means of the iptables-nft layer (i.e, using iptables syntax with the nf_tables kernel subsystem).

Raspbian Kernel 4.19 doesn't have the nf_tables* modules for this right now.

pi@raspberrypi:~ $ uname -a
Linux raspberrypi 4.19.25-v7+ #1205 SMP Mon Feb 25 18:19:20 GMT 2019 armv7l GNU/Linux
pi@raspberrypi:~ $ find /lib/modules -name "*nf_tables*"
nada
pi@raspberrypi:~ $ sudo nft add table inet filter
Error: Could not process rule: Operation not supported
add table inet filter
^^^^^^^^^^^^^^^^^^^^^^

Debian Buster alpha5 has:

root@debian:~# find /lib/modules -name "*nf_tables*"
/lib/modules/4.19.0-2-amd64/kernel/net/netfilter/nf_tables.ko
/lib/modules/4.19.0-2-amd64/kernel/net/netfilter/nf_tables_set.ko

IMHO we might end up with having no working firewall solutions when Raspbian switches to Buster.

[popcornmix]

This repo is used for distributing files through rpi-update. Issues here won't be seen by the right people. The right place for this is https://github.com/raspberrypi/linux/issues

But is looks like this is a duplicate of: https://github.com/raspberrypi/linux/issues/2177

so best to add your input to that issue.