Updated nftables

I've updated my notes on nftables, so they work on 19.07.
https://openwrt.org/docs/guide-user/firewall/misc/nftables#nftables_in_openwrt
The main loading of rules hasn't changed. However, when I updated to 19.07 I could see that, I think, all nftables modules are loaded. Also, I could stop iptables NAT loading by removing /etc/modules.d/ipt-nat, so the modules are still there and just not loaded, which is easier than removing them.

Though I'd ask if there are any comments, anything to change or make better. In particular, removing /etc/modules.d/ipt-nat means that:

  • ipt_MASQUERADE
  • iptable_nat
  • xt_REDIRECT
  • xt_nat

don't load. It's clear that ipt_MASQUERADE and iptable_nat should not be loaded, but I'm not sure about the xt_* modules. I need to look them up.

Any other thoughts, let me know. I know I have to update how to let in ssh to something safer than what is written. I'll do this when I come up with something better.

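A small check for the step described in the post (removing /etc/modules.d/ipt-nat and confirming the four iptables NAT modules stay unloaded), added here as an example and not taken from the post or the OpenWrt wiki. It reads `lsmod`-style output on stdin and prints whichever of the four module names are present; the `lsmod` listing embedded below is constructed for the demonstration, not captured from a real router, and the helper names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): report which of the iptables
# NAT modules named in the post are still loaded. The live check is
# `lsmod | loaded_ipt_nat_modules`; here the input is a constructed sample.

# The four modules that /etc/modules.d/ipt-nat pulls in, as listed in the post.
IPT_NAT_MODULES="ipt_MASQUERADE iptable_nat xt_REDIRECT xt_nat"

# loaded_ipt_nat_modules: read lsmod output on stdin and print, one per line,
# each module from IPT_NAT_MODULES whose name appears in the first column.
# Exact-match comparison, so the "Module" header line never matches.
loaded_ipt_nat_modules() {
    loaded=$(awk '{ print $1 }')
    for m in $IPT_NAT_MODULES; do
        for l in $loaded; do
            [ "$l" = "$m" ] && printf '%s\n' "$m"
        done
    done
    return 0
}

# ipt_nat_is_clean: succeed (exit 0) only if none of the modules are loaded.
# Usage on a router: lsmod | ipt_nat_is_clean && echo "iptables NAT not loaded"
ipt_nat_is_clean() {
    [ -z "$(loaded_ipt_nat_modules)" ]
}

# Constructed lsmod output (hypothetical numbers): nf_tables present,
# two of the iptables NAT modules still loaded.
SAMPLE_LSMOD='Module                  Size  Used by
nf_tables              90112  0
nfnetlink              12288  1 nf_tables
xt_nat                 12288  0
iptable_nat            12288  0
nf_nat                 40960  2 iptable_nat,xt_nat'

# Demo on the constructed sample; prints "iptable_nat" and "xt_nat".
printf '%s\n' "$SAMPLE_LSMOD" | loaded_ipt_nat_modules
```

Run it on the router as `lsmod | ipt_nat_is_clean` after a reboot with the ipt-nat file removed; a non-empty list from `loaded_ipt_nat_modules` means something else (for example another file under /etc/modules.d, or a dependency of a loaded module) is still pulling those modules in.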