bitmask-root fails when nf_tables is loaded instead of ip_tables
bitmask-root should detect whether the ip_tables or nf_tables module is loaded and emit either iptables or nft commands. At the very least it should not fail and allow the user to set up its nftables manually.
Quoting https://wiki.nftables.org/wiki-nftables/index.php/What_is_nftables%3F :
nftables is the modern Linux kernel packet classification framework. New code should use it instead of the legacy {ip,ip6,arp,eb}_tables (xtables) infrastructure
[...]
nftables uses a new syntax. The iptables command line tool uses a getopt_long()-based parser where keys are always preceded by double minus, eg. --key or one single minus, eg. -p tcp. In contrast, nftables uses a compact syntax inspired by tcpdump.
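One way the detection requested above could work, as an added example that is not bitmask-root's own code: it parses `/proc/modules`-style text and returns which tool to drive, or `None` so the caller can skip firewall setup instead of failing. The function names, the sample module lines and the preference for `iptables` when both modules are loaded are assumptions of this example.

```python
import shutil

# Kernel module name -> userspace tool that drives it.
BACKENDS = {"ip_tables": "iptables", "nf_tables": "nft"}

# Constructed /proc/modules excerpts (name size refcount deps state address).
SAMPLE_NFT_ONLY = (
    "nf_tables 188416 0 - Live 0x0000000000000000\n"
    "nfnetlink 16384 1 nf_tables, Live 0x0000000000000000\n"
)
SAMPLE_LEGACY = (
    "iptable_filter 16384 1 - Live 0x0000000000000000\n"
    "ip_tables 32768 1 iptable_filter, Live 0x0000000000000000\n"
)


def loaded_modules(proc_modules_text):
    """Return the set of module names listed in /proc/modules-style text."""
    names = set()
    for line in proc_modules_text.splitlines():
        fields = line.split()
        # Skip blank or malformed lines instead of raising.
        if len(fields) >= 3 and fields[1].isdigit():
            names.add(fields[0])
    return names


def choose_backend(proc_modules_text, have_tool=shutil.which):
    """Return "iptables", "nft", or None (leave the firewall to the user).

    A backend is usable only if its module is loaded AND its tool is on PATH.
    Modules compiled into the kernel do not appear in /proc/modules, so None
    means "not detected", not "unsupported".
    """
    mods = loaded_modules(proc_modules_text)
    for module in ("ip_tables", "nf_tables"):  # assumed preference order
        tool = BACKENDS[module]
        if module in mods and have_tool(tool):
            return tool
    return None


def read_proc_modules(path="/proc/modules"):
    """Read the module list; an unreadable file counts as nothing loaded."""
    try:
        with open(path) as fh:
            return fh.read()
    except OSError:
        return ""


if __name__ == "__main__":
    print(choose_backend(read_proc_modules()) or "no backend detected")
```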