How do I enable and use nftables?

[encryptedserver]

How do I enable the nftables and start playing with it, I just upgraded to 8.2

Update: Found it in Datacenter > Node > Firewall > Options > nftables > enable.

 

[patrick7]

Enabled, all rules in iptables are removed, but no new rules added to nftables -> ending up without any firewall -> revert.

 

[patrick7]

Update: the proxmox-firewall service fails if there are aliases not referenced by the new "dc/" or "guest/" notation. After replacing all of them and restarting the firewall, nftables rules are created.

 

[TNorthover]

In the spirit of gathering 8.2 nftables limitations...

I think I'm having difficulties with an out DROP rule that's also blocking the "SYN ACK" stage of establishing an inbound TCP connection. Some precedence issue with the usual related/established boilerplate I suspect.