Just about finished installing nftables on my router. Would you be happy if I updated: https://openwrt.org/docs/guide-user/firewall/misc/nftables to give an example, that way if anyone else does decide to try nftables, they at least have an example of how to go about it - and I'll explain the hassles (e.g. command line only), but also advantages (easier to understand the commands, and merged ipv4 and ipv6).
P.S. I may (if I get time) look into doing a luci interface, seems easiest to totally separate for fw3 ...
The fw3 executable does not care about the iptables tooling present on the system, it uses libiptc directly, and this remains functional until the kernel side of the setsockopt() based infrastructure is removed.
Transition to nft in OpenWrt will occur through a future fw4 package which continues to accept the same uci firewall configuration but translated to nftables instead of iptables. (Minus details such as option extra which cannot be translated to nftables syntax).
It is likely that firewall 4 will be a mere preprocessor which translates /etc/config/firewall into an nftables program through the use of a bunch of template files, but the exact details will be ironed out when we actually start working on it.
OK - I've started the page. I haven't saved it to the wiki yet - as I'm only about 25% of the way through. It's going to end up being quite a long page - so we may want to take a view on splitting it. Anyway let me finish the text first - then people here can take a view ...
OK, I've done a first attempt on nftables; can people take a look and let me know what you think?
It's been written very quickly, I haven't checked for typos etc. Really I wanted to get something up, so I could get people's thoughts on if this is the right kind of thing. I know that the formatting in places is horrible - I'll correct that later.
Anyway, do give your thoughts, and feedback either positive or negative is good.