LinuxQuestions.org


Dynosaw3 09-25-2019 02:28 AM

Transition iptables to nftables
 
I'm doing a pre-study before taking the plunge and installing Debian Buster. This implies building a firewall in nftables, which is new to me.
We're talking of a simple stand-alone, domestic, AMD-64 box with no frills.

QUESTION:
It seems that Tables have to be separately and explicitly declared in
the nftables script/ruleset.
But is it essential to declare tables which will not be needed, for example MANGLE and RAW?
And how will the traffic filtering be affected if these tables are omitted (i.e. deliberately not declared)?

Can anyone help please?
Thanks in advance.
Dynosaw3
--

phil.d.g 09-26-2019 08:04 PM

I've just started looking into this. I've a router that I plan to update from Stretch to Buster over Christmas.

The old iptables tools remain, at least in Buster, I assume for the purpose of backwards compatibility with existing scripts and software. There are also migration tools to convert/transform your iptables rulesets into nft ones. So, if you already have a list of iptables rules, making use of the migration would seem to be a sensible way to go.

I don't see why you would need to declare the MANGLE and RAW tables if you are not going to add any rules to them. If there are no rules in these tables, they're not going to do anything to the traffic. When I save the ruleset on my Buster laptop (that uses iptables to configure the rules still) it only mentions the filter table, not the others (I only configure the filter table with my iptables rules).

Sorry, they're not exactly concrete answers, but I thought a few pointers would be better than leaving this unanswered.
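For reference, here is a minimal ruleset of the kind described in the reply above: a single filter table and nothing declared for mangle or raw. This is an added example, not code from either poster; the SSH port and the loopback interface name are assumptions for a plain stand-alone box. Unlike iptables, nftables has no built-in tables at all, so a hook with no base chain attached is simply not registered and the packets on it pass through untouched. That is why the omitted tables cost nothing, and also why the hooks you do care about need an explicit base chain with a policy.

```nft
#!/usr/sbin/nft -f
# Added example ruleset for a stand-alone host: only the filter table exists.
# No mangle or raw table is declared, so no rules run on those hooks.
flush ruleset

table inet filter {
    chain input {
        # Base chain on the input hook; anything not accepted below is dropped.
        type filter hook input priority 0; policy drop;

        iif "lo" accept                          # loopback (interface name assumed)
        ct state established,related accept      # replies to our own connections
        ct state invalid drop                    # malformed / untracked packets
        ip protocol icmp accept                  # IPv4 ping and errors
        ip6 nexthdr icmpv6 accept                # IPv6 needs ICMPv6 to function
        tcp dport 22 accept                      # SSH (port is an assumption)
    }

    chain forward {
        # Not a router, so refuse to forward anything.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # Outbound traffic from the box itself is allowed.
        type filter hook output priority 0; policy accept;
    }
}
```

Load it with `nft -f /etc/nftables.conf` (or enable the nftables service on Buster, which reads that file), then confirm with `nft list ruleset` that only the filter table and its three chains are present. `nft -c -f /etc/nftables.conf` parses the file without applying it, which is a cheap way to catch syntax errors before they leave the host with no firewall at all.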

Dynosaw3 09-27-2019 04:26 AM

Thanks very much for your reaction.
You answered my question.
[Quote]
"If there are no rules in these tables, they're not going to do anything to the traffic."
[unquote]
That's what I wanted to know.
Again thanks.
Dynosaw

