So I'm currently in the process of merging 2 branches of my project, one supporting fw3+iptables, the other one supporting fw4+nftables.
The project is fairly modular, so when installing, I can include (or not) modules required for either nftables or iptables or both.
When detecting fw4+nftables, obviously there is no point in including the fw3+iptables modules.
So I'm thinking about the optimal strategy when detecting fw3+iptables systems. One way is to include modules for both iptables and nftables in preparation for a possible future upgrade, so if/when it happens, the application will continue to function. This incurs some additional space usage (I'd estimate around 25KB).
Another strategy is to only include the fw3+iptables modules and save the extra space, but at upgrade, the application will break.
That would be bad as it will force the installation of iptables-zz-legacy on 22.03.xx onwards and this will break any legacy iptables packages which would normally have to use iptables-nft, as well as generating dire warnings for nft and LuCI.
You will not be able to backport a new package to 22.03.xx and earlier anyway as they are EOL or nearly so, so why bother at all with the iptables version?
Anyway, in the meantime I integrated the 2 branches and went with the strategy of installing the -nft modules if fw3+iptables are detected. The extra space came down to 16KB which I think is not a big deal.
Probably I do and there this question would be irrelevant. But before I delve into the rabbit hole of learning how to make an OWRT package, I want to release the project and see how people react.