[feature request] enable NFT's full potential in kernel conf
{"kernel":"4.14.131","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"cznic,turris-omnia","release":{"distribution":"TurrisOS","version":"5.0-dev","revision":"c01f9ad","target":"mvebu/cortexa9","description":"TurrisOS 5.0-dev c01f9ad"}}
With the below settings disabled, NFT is sort of castrated. I fail to see any potential harm that enabling the feature set could cause.
# CONFIG_NFT_RT is not set
This option adds the "rt" expression that you can use to match packet routing information such as the packet nexthop.
# CONFIG_NFT_SET_BITMAP is not set
This option adds the "bitmap" set type that is used to build sets whose keys are smaller or equal to 16 bits.
# CONFIG_NFT_OBJREF is not set
This option adds the "objref" expression that allows you to refer to stateful objects, such as counters and quotas.
# CONFIG_NFT_QUEUE is not set
This is required if you intend to use the userspace queueing infrastructure (also known as NFQUEUE) from nftables.
# CONFIG_NFT_COMPAT is not set
This is required if you intend to use any of existing x_tables match/target extensions over the nf_tables framework.
# CONFIG_NFT_FIB_NETDEV is not set
This option allows using the FIB expression from the netdev table. The lookup will be delegated to the IPv4 or IPv6 FIB depending on the protocol of the packet.
# CONFIG_NFT_DUP_IPV4 is not set
This module enables IPv4 packet duplication support for nf_tables.
# CONFIG_NFT_DUP_IPV6 is not set
This module enables IPv6 packet duplication support for nf_tables.
# CONFIG_NFT_RT is not set
is likely causing some grievance with TCP MSS clamping (essential for PPPoE) since
nft add rule ip filter forward oifname pppoe-wan tcp flags syn tcp option maxseg size set rt mtu
nft add rule ip filter forward oifname pppoe-wan tcp flags syn tcp option maxseg size set 1452
either is producing
Error: Could not process rule: No such file or directory
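
An added example, not part of the original post: a shell function that reads a kernel config and reports which of the nftables options listed above are disabled or missing. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list which of the nftables
# kernel options named in the post are disabled or absent in a kernel config.

# Option:feature pairs; descriptions paraphrase the Kconfig help quoted in the post.
NFT_OPTS='CONFIG_NFT_RT:rt expression (routing info such as nexthop)
CONFIG_NFT_SET_BITMAP:bitmap set type (keys of 16 bits or less)
CONFIG_NFT_OBJREF:objref expression (stateful counters and quotas)
CONFIG_NFT_QUEUE:userspace queueing (NFQUEUE)
CONFIG_NFT_COMPAT:x_tables match/target extensions over nf_tables
CONFIG_NFT_FIB_NETDEV:FIB expression in the netdev table
CONFIG_NFT_DUP_IPV4:IPv4 packet duplication
CONFIG_NFT_DUP_IPV6:IPv6 packet duplication'

# Reads a kernel config on stdin; prints one line per option that is not =y/=m.
nft_missing() {
    cfg=$(cat)
    printf '%s\n' "$NFT_OPTS" | while IFS=: read -r opt desc; do
        # Built in (=y) or module (=m): nothing to report.
        if printf '%s\n' "$cfg" | grep -qE -e "^${opt}=[ym]\$"; then
            continue
        fi
        # Kconfig writes explicitly disabled symbols as a comment line.
        if printf '%s\n' "$cfg" | grep -qx -e "# ${opt} is not set"; then
            state=disabled
        else
            state=absent   # symbol does not appear in this config at all
        fi
        printf '%s %s - %s\n' "$opt" "$state" "$desc"
    done
}

# Constructed sample config, for demonstration only (not taken from a real device).
sample_config() {
    cat <<'EOF'
CONFIG_NF_TABLES=m
CONFIG_NFT_CT=m
# CONFIG_NFT_RT is not set
CONFIG_NFT_SET_BITMAP=m
# CONFIG_NFT_OBJREF is not set
CONFIG_NFT_QUEUE=y
# CONFIG_NFT_COMPAT is not set
# CONFIG_NFT_DUP_IPV4 is not set
CONFIG_NFT_DUP_IPV6=m
EOF
}

sample_config | nft_missing
```

On a device whose kernel exposes its config (this assumes `/proc/config.gz` is available, which requires CONFIG_IKCONFIG_PROC), the same check is `zcat /proc/config.gz | nft_missing`.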