Hi,
Of course, nftables support will be added very soon to FWCloud. It is in the features list that will be added to our next FWCloud release, not in the one that we will publish this week, but it will be available in the next one.
The FWCloud design allows the use of different compilers for the policy generated using the user interface. Currently we have a compiler for iptables and we can easily add compilers for other network packet filtering systems like nftables.
In fact, it is quite simple to convert the current iptables compilation to nftables, as explained here.
In the FWCloud release that we will publish this week we have added a new awesome feature that we have called hook scripts. It allows the addition of script code before and/or after any rule of the policy. If you want to use nftables instead of iptables, you could add this code after the last rule loaded in your policy load script:
Bash:
iptables-save > /tmp/iptables-save.txt
iptables-restore-translate -f /tmp/iptables-save.txt > /tmp/nftables-save.txt
nft -f /tmp/nftables-save.txt
This can be a temporary solution, but if you can wait, it would be better to use our nftables compiler that will generate a native nftables compiled script for policy load.
Best regards.
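
A more defensive form of the hook-script snippet in the post above, added here as an example; it is not FWCloud's code or part of the original post. It assumes that rules the translator cannot convert appear in its output as comment lines still carrying iptables syntax; `LOAD_NFT` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not FWCloud code): hardened form of the hook-script snippet.

# Print rules that the translator left unconverted.
# Assumption: iptables-restore-translate emits such rules as comments that
# still carry iptables syntax, e.g. "# -t filter -A INPUT ...".
untranslated_rules() {
    grep -E '^#.* -(A|I) ' "$1" || true
}

# Return non-zero (and list the rules on stderr) if any rule was not converted.
check_translation() {
    missed=$(untranslated_rules "$1")
    [ -z "$missed" ] && return 0
    printf 'not loading, untranslated rules:\n%s\n' "$missed" >&2
    return 1
}

# Constructed sample of translator output with one unconverted rule.
sample_translation() {
    cat <<'EOF'
# Translated by iptables-restore-translate (constructed sample)
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add rule ip filter INPUT tcp dport 22 counter accept
# -t filter -A INPUT -j CHECKSUM --checksum-fill
EOF
}

# Save, translate, verify, dry-run, then load. Runs in a subshell so the
# trap and umask do not leak into the surrounding policy load script.
load_translated_policy() (
    umask 077
    workdir=$(mktemp -d) || exit 1      # private dir instead of fixed /tmp names
    trap 'rm -rf "$workdir"' EXIT
    iptables-save > "$workdir/iptables.rules" &&
    iptables-restore-translate -f "$workdir/iptables.rules" > "$workdir/nftables.rules" &&
    check_translation "$workdir/nftables.rules" &&
    nft -c -f "$workdir/nftables.rules" &&   # -c: check only, changes nothing
    nft -f "$workdir/nftables.rules"
)

# LOAD_NFT is a hypothetical switch so the file can be sourced without side effects.
if [ "${LOAD_NFT:-0}" = 1 ]; then load_translated_policy; fi
```

A rule that silently fails to translate would leave the nftables policy more permissive or more restrictive than the one designed in the user interface, so the load is refused until every rule converts.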