Pihole forwarding

I've just recently put 23.05.2 onto the router I am running in the UK. Elsewhere I have 21.02.5 on a Pi4b. I have 1 Pihole in the UK and I think this firewall setting is fine to hijack the DNS using the IP address

config redirect
        option dest 'wan'
        option target 'DNAT'
        option src 'lan'
        option src_ip '!192.168.1.250'
        option src_dport '53'
        option dest_ip '192.168.1.250'
        option dest_port '53'
        option src_dip '!192.168.1.250'
        option name 'Intercept-DNS'

config nat
        list proto 'tcp'
        list proto 'udp'
        option src 'lan'
        option dest_ip '192.168.1.250'
        option dest_port '53'
        option target 'MASQUERADE'
        option name 'Intercept-DNS-Masquerade'

At my other place I have 2 Piholes, the plan would be to do the same here too eventually in the other case I have a startup script for the firewall iptables like this.

# DNSHIJACKv4 start of section ####
# Log and hijack to Piholes
iptables -t nat -N dnshijack
# allow Piholes to query internet, first line every other query
iptables -t nat -A dnshijack -m statistic --mode nth --every 2 --packet 0 -j DNAT --to-destination 192.168.70.250
#
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:00:47:14:1f:b8 -p udp --dport 53 -m comment --comment "Allow Pi-Hole Orange" -j ACCEPT
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:00:47:14:1f:b8 -p tcp --dport 53 -m comment --comment "Allow Pi-Hole Orange" -j ACCEPT
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:00:47:14:1f:b8 -p udp --dport 853 -m comment --comment "Allow Pi-Hole Orange" -j ACCEPT
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:00:47:14:1f:b8 -p tcp --dport 853 -m comment --comment "Allow Pi-Hole Orange" -j ACCEPT
#
iptables -t nat -A dnshijack -j DNAT --to-destination 192.168.70.252
# allow Debian_VM to query internet, this now main DNS
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:42:c0:a8:46:fc -p udp --dport 53 -m comment --comment "Allow Pi-Debian_VM" -j ACCEPT
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:42:c0:a8:46:fc -p tcp --dport 53 -m comment --comment "Allow Pi-Debian_VM" -j ACCEPT
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:42:c0:a8:46:fc -p udp --dport 853 -m comment --comment "Allow Pi-Debian_VM" -j ACCEPT
iptables -t nat -A prerouting_lan_rule -m mac --mac-source 02:42:c0:a8:46:fc -p tcp --dport 853 -m comment --comment "Allow Pi-Debian_VM" -j ACCEPT
# allow queries to Router, this is where the Hijack goes
iptables -t nat -A prerouting_lan_rule -p tcp --dport 53 -d 192.168.70.1 -m comment --comment "Allow Router" -j ACCEPT
iptables -t nat -A prerouting_lan_rule -p udp --dport 53 -d 192.168.70.1 -m comment --comment "Allow Router" -j ACCEPT -j ACCEPT
iptables -t nat -A prerouting_lan_rule -p tcp --dport 853 -d 192.168.70.1 -m comment --comment "Allow Router" -j ACCEPT -j ACCEPT
iptables -t nat -A prerouting_lan_rule -p udp --dport 853 -d 192.168.70.1 -m comment --comment "Allow Router" -j ACCEPT -j ACCEPT
# anything else is hijacked
iptables -t nat -A prerouting_lan_rule -p udp --dport 53 -m comment --comment "HiJack DNS" -j dnshijack
iptables -t nat -A prerouting_lan_rule -p tcp --dport 53 -m comment --comment "HiJack DNS" -j dnshijack
iptables -t nat -A prerouting_lan_rule -p udp --dport 853 -m comment --comment "HiJack DNS" -j dnshijack
iptables -t nat -A prerouting_lan_rule -p tcp --dport 853 -m comment --comment "HiJack DNS" -j dnshijack
# fix "reply from unexpected source"
iptables -t nat -A postrouting_lan_rule -d 192.168.70.250 -p tcp -m tcp --dport 53 -m comment --comment "DNS Orange MASQUERADE" -j MASQUERADE
iptables -t nat -A postrouting_lan_rule -d 192.168.70.250 -p udp -m udp --dport 53 -m comment --comment "DNS Orange MASQUERADE" -j MASQUERADE
iptables -t nat -A postrouting_lan_rule -d 192.168.70.250 -p tcp -m tcp --dport 853 -m comment --comment "DNS Orange MASQUERADE" -j MASQUERADE
iptables -t nat -A postrouting_lan_rule -d 192.168.70.250 -p udp -m udp --dport 853 -m comment --comment "DNS Orange MASQUERADE" -j MASQUERADE
# Pihole 2
iptables -t nat -A postrouting_lan_rule -d 192.168.70.252 -p tcp -m tcp --dport 53 -m comment --comment "DNS Debian_VM MASQUERADE" -j MASQUERADE
iptables -t nat -A postrouting_lan_rule -d 192.168.70.252 -p udp -m udp --dport 53 -m comment --comment "DNS Debian_VM MASQUERADE" -j MASQUERADE
iptables -t nat -A postrouting_lan_rule -d 192.168.70.252 -p tcp -m tcp --dport 853 -m comment --comment "DNS Debian_VM MASQUERADE" -j MASQUERADE
iptables -t nat -A postrouting_lan_rule -d 192.168.70.252 -p udp -m udp --dport 853 -m comment --comment "DNS Debian_VM MASQUERADE" -j MASQUERADE
# DNSHIJACKv4 end of section ####

How would I go about setting that up with the newer OS where we now have nftables? When I can get back at some point I'd try and update the 4b to a later version.

Currently here I am stuck behind CGNAT but at some point I'd try to get a proper external IP albeit that's a time away and move some of my servers. I use a script based on this post Firewall update script - #4 by IanBlakeley to update the firewall dynamically can this be done still?