It looks like nftables does not have a physdev equivalent: https://stackoverflow.com/questions/60803101/how-to-translate-iptables-physdev-statements-to-nftables
https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables
physdev
- br_netfilter aims to be deprecated by nftables.
In NSS build:
cat /etc/firewall.d/qca-nss-ecm
iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
Someone in the above link suggested this nftables config:
table inet filter {
    chain forward {
        iifname "br0" oifname "br0" accept
    }
}
So assuming nssifb is a bridge (?) interface, we would use this nftables config:
table inet filter {
    chain forward {
        iifname "nssifb" oifname "nssifb" accept
    }
}
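
An added example, not from the original post or the linked answer: a counter-only table for checking that bridged traffic really reaches the inet forward hook under the bridge's name before relying on the rule above. The table name `physdev_check`, the priority `-10` and the bridge name `br0` are assumptions; substitute the real bridge name.

```nft
#!/usr/sbin/nft -f
# Diagnostic only: counts packets, never issues a verdict of its own.
#
# Bridged frames only traverse the ip/ip6/inet forward hook while
# br_netfilter is loaded and net.bridge.bridge-nf-call-iptables=1
# (net.bridge.bridge-nf-call-ip6tables=1 for IPv6). Without that, the
# bridged counter below stays at zero and an accept rule written the
# same way would never match bridged traffic.

table inet physdev_check {
    chain forward {
        # A chain without a "type ... hook ..." line is a regular chain
        # and is never evaluated unless something jumps to it.
        # Priority -10 (assumed value) runs before the usual filter
        # priority 0, so packets are counted even if a later chain drops them.
        type filter hook forward priority -10; policy accept;

        # Same match as the rule discussed above, with a counter
        # instead of "accept". "br0" is an assumed bridge name.
        iifname "br0" oifname "br0" counter comment "bridged via br0"

        # Everything else that is forwarded, for comparison.
        counter comment "other forwarded"
    }
}

# Caveat when moving the rule into production: "accept" only ends
# evaluation of the base chain it is in. Other base chains on the same
# hook (for example the firewall's own forward chain) still run and can
# drop the packet, so the accept rule belongs in that chain, not in a
# separate table.
```

Load it with `nft -f`, pass traffic between two ports of the bridge, and read the counters with `nft list table inet physdev_check`. Remove it afterwards with `nft delete table inet physdev_check`.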