enable nft to its full capacities

This option adds the "rt" expression that you can use to match packet routing information such as the packet nexthop.

This option adds the "bitmap" set type that is used to build sets whose keys are smaller or equal to 16 bits.

This option adds the "objref" expression that allows you to refer to stateful objects, such as counters and quotas.

This is required if you intend to use the userspace queueing infrastructure (also known as NFQUEUE) from nftables.

This is required if you intend to use any of existing x_tables match/target extensions over the nf_tables framework.

This option allows using the FIB expression from the netdev table. The lookup will be delegated to the IPv4 or IPv6 FIB depending on the protocol of the packet.

This module enables IPv4 packet duplication support for nf_tables.

This module enables IPv6 packet duplication support for nf_tables.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>

configs/common/kernel

@@ -120,3 +120,12 @@ CONFIG_NETFILTER_XT_MATCH_IPCOMP=y
 CONFIG_NETFILTER_XT_MATCH_L2TP=y
 CONFIG_NETFILTER_XT_MATCH_OSF=y
 CONFIG_NETFILTER_XT_MATCH_SCTP=y
+
+# nftables
+CONFIG_NFT_RT=y
+CONFIG_NFT_SET_BITMAP=y
+CONFIG_NFT_OBJREF=y
+CONFIG_NFT_QUEUE=y
+CONFIG_NFT_COMPAT=y
+CONFIG_NFT_DUP_IPV4=y
+CONFIG_NFT_DUP_IPV6=y