Custom nft commands supported?

[mrbluecoat]

Does nftfw support custom nft commands? For example, I'd like to make sure this table and contents always gets added when nft rewrites the nftables:

nft add table nat
nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
nft 'add chain nat postrouting { type nat hook postrouting priority 100; }'
nft add rule nat prerouting tcp dport domain redirect
nft add rule nat prerouting udp dport domain redirect
nft add rule nat postrouting masquerade

I see https://github.com/pcollinson/nftfw/blob/master/etc_nftfw/nftfw_init.nft#L146-L189 but no area for custom entries.

[pcollinson]

Yes you can edit etc/nftfw/nftfw_init.nft. This is there to be changed. I use nftfw on my local firewall/router machine - you can find it's nftfw_init.nft in etc/nftfw/original/nftfw_router_example. This has a nat table added - and also support for a main WAN and local LAN interface on the machine.

Execute your commands on your system to make sure that they are correct, then use nft list ruleset ip to see the source to be added to nftfw_init.nft. There's an implied use of the ip table in the commands you suggested.

[pcollinson]

This highlighted a small hole in the documentation, which I've hopefully filled with a change to the How Do I document and the nftfw-files manual page.