Nftables vs iptables OpenWrt 22.03.2

I installed iptables-mod-ipopt on OpenWrt 22.03.2. Since nftables replaced iptables, are there implications or cause for concern? Should I take corrective action?

I wish to mod the TTL to 65 for all traffic leaving on the WAN.

Can this be accomplished with nftables? It seems the 'custom' rules tab has been removed from the Firewall screen during this transition.

Thanks in advance.

Yes


nft 'insert rule inet fw4 mangle_postrouting ip ttl set 65 comment "Fw4: setting ttl on all packets"'

There was also a recent thread about TTL.

The replies were helpful in understanding OpenWrt's move to nftables in OpenWrt 22.03.2.

I did the following:

  • Reset OpenWrt to factory default.
  • Created a text file ending in .nft in /etc/nftables.d. Files in this directory ending in .nft are automatically loaded and persist between reboots.
  • Used command to create file: vi user-chains.nft
    Then added the following text:
    chain user_mangle_postrouting {
        type filter hook postrouting priority mangle; policy accept;
        # "set" makes these statements rewrite the field instead of matching on it
        oifname { "wan", "wlan1" } ip ttl set 65 comment "!fw4: Zone wan IPv4 egress TTL 65"
        oifname { "wan", "wlan1" } ip6 hoplimit set 65 comment "!fw4: Zone wan IPv6 egress TTL 65"
    }

To save and exit the vi text editor, press the 'esc' key followed by :wq

This rule changes both the IPv4 and IPv6 TTL values to 65. This is done at postrouting, before leaving on the wan\wlan1.
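
A lint for snippets placed in /etc/nftables.d, as an added example that is not part of the original posts: in nftables `ip ttl 65` is a match on the current value while `ip ttl set 65` rewrites it, and typographic quotes pasted from a web page are not valid string delimiters. The function names, finding codes and sample snippet are constructed for illustration.

```shell
#!/bin/sh
# lint_ttl_rules [FILE]   (reads stdin when FILE is omitted)
# Prints one finding per line as "LINE:CODE:text" and returns 1 if any were found.
#   MATCH_NOT_SET  "ip ttl N" or "ip6 hoplimit N" without "set". nft parses this
#                  as a match on the current value, so no packet is modified.
#                  A deliberate value match is flagged too; review it by hand.
#   SMART_QUOTE    typographic quote; nft strings need ASCII double quotes.
lint_ttl_rules() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment-only lines
        {
            rule = $0
            sub(/comment[ \t]+".*$/, "", rule)    # ignore text inside the comment string
            if (rule ~ /(ip[ \t]+ttl|ip6[ \t]+hoplimit)[ \t]+[0-9]+/) {
                printf "%d:MATCH_NOT_SET:%s\n", NR, $0
                bad = 1
            }
            if (index($0, "“") || index($0, "”")) {
                printf "%d:SMART_QUOTE:%s\n", NR, $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: line 3 rewrites the IPv4 TTL correctly; line 4 only
# matches packets whose hop limit is already 65 and uses typographic quotes.
sample_snippet() {
cat <<'EOF'
chain user_mangle_postrouting {
    type filter hook postrouting priority mangle; policy accept;
    oifname { "wan", "wlan1" } ip ttl set 65 comment "TTL 65"
    oifname { "wan", "wlan1" } ip6 hoplimit 65 comment “hop limit 65”
}
EOF
}

# Example: sample_snippet | lint_ttl_rules
#      or: lint_ttl_rules /etc/nftables.d/user-chains.nft
```

On the router, `fw4 check` validates the generated ruleset before a reload, and `nft list chain inet fw4 user_mangle_postrouting` shows whether the loaded rules contain `set`.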