I've just started looking into this. I've a router that I plan to update from Stretch to Buster over Christmas.
The old iptables tools remain, at least in Buster, I assume for the purpose of backwards compatability with existing scripts and software. There are also migration tools to convert/transform your iptables rulesets into nft ones. So, if you already have a list of iptables rules, making use of the migration would seem to be a sensible way to go.
I don't see why you would need to declare the MANGLE and RAW tables if you are not going to add any rules to them. If there are no rules in these tables, they're not going to do anything to the traffic. When I save the ruleset on my Buster laptop (that uses iptables to configure the rules still) it only mentions the filter table, not the others (I only configure the filter table with my iptables rules).
Sorry, they're not exactly concrete answers, but I thought a few pointers would be better than leaving this unanswered.
|