hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server
6.44k stars, 1.39k forks

nftables support on Debian OS #273

Closed Smosia closed 2 years ago

Smosia commented 2 years ago


Describe the enhancement request
I found information in the docs that --host mode doesn't work on Debian 10 and 11 due to the nftables service. It looks like nftables has become a more and more popular service, and many users use Debian as the OS on their home servers.

Is your enhancement request related to a problem? Please describe.
Without --host mode I can't use the services running on my home server (Samba, Transmission server, etc.). I would prefer to connect through the VPN to the local network and then use my local services, instead of opening ports on my router.

Additional context
Is it possible to add support for nftables here? https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/b01c7d8951cc9c797791b96ff1bfd46ac336862b/run.sh#L479

Maybe you can add a new container parameter to choose between iptables and nftables? The iptables-translate utility may help to convert the rules. I've asked the same question in issue https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/207 but no one answered me. Thank you!

hwdsl2 commented 2 years ago

@Smosia Hello! Thank you for the enhancement request. I missed your earlier question in #207. While I agree that it would be a good enhancement to make this Docker image work under Debian 10/11 in host network mode, unfortunately, technically it would be very difficult because code running inside the container cannot detect the Docker host's operating system (e.g. whether it's Ubuntu 20.04, Debian 11 or CentOS 7). So even if we add support for nftables, we cannot decide on which rules to add (IPTables or nftables).
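Added example (not code from the hwdsl2 project or from either participant): a small POSIX shell helper that classifies which backend the local iptables binary uses from the banner that `iptables -V` prints (modern builds append "(nf_tables)" or "(legacy)"), and a wrapper around the iptables-translate utility suggested in the request. It inspects only the binary and kernel the script itself runs against, so it cannot tell which distribution a Docker host runs; it only shows whether the rules a given environment installs end up in nftables or in the legacy x_tables backend. The sample banners in the comments are constructed for illustration.

```shell
#!/bin/sh
# Classify the iptables backend from a version banner such as the constructed samples:
#   "iptables v1.8.7 (nf_tables)"  -> nft_tables  (iptables-nft; rules land in nftables)
#   "iptables v1.8.7 (legacy)"     -> legacy      (classic x_tables backend)
#   "iptables v1.6.1"              -> legacy      (pre-1.8 releases never had an nft backend)
iptables_backend() {
  banner="$1"
  case "$banner" in
    *"(nf_tables)"*)       echo nft_tables ;;
    *"(legacy)"*)          echo legacy ;;
    iptables\ v1.[0-7].*)  echo legacy ;;
    *)                     echo unknown ;;
  esac
}

# Ask the iptables binary that would actually install rules on this system
# (inside a container this is the container's own binary, not the host's).
detect_live_backend() {
  if command -v iptables >/dev/null 2>&1; then
    iptables_backend "$(iptables -V 2>/dev/null)"
  else
    echo missing
  fi
}

# Print the nft equivalent of an iptables rule when iptables-translate is available,
# e.g.: translate_rule -A FORWARD -s 192.168.42.0/24 -j ACCEPT
translate_rule() {
  if command -v iptables-translate >/dev/null 2>&1; then
    iptables-translate "$@"
  else
    echo "iptables-translate not installed; cannot translate: $*" >&2
    return 1
  fi
}

# Usage: report the backend of the current environment.
echo "iptables backend: $(detect_live_backend)"
```

Because the verdict depends on the binary the script runs against, the same check returns different answers on the Docker host and inside the container; that is the practical difficulty the maintainer describes, since the container cannot see how the host's rules are being managed.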