From ededecd1670f6ffc7dbc488087372bca7b388aa6 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sat, 5 Apr 2025 19:51:54 +0000
Subject: [PATCH] nftables: Fix support for raw rules

---
 roles/nftables/templates/nftables.conf.j2 | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/roles/nftables/templates/nftables.conf.j2 b/roles/nftables/templates/nftables.conf.j2
index 44f153c..067285c 100644
--- a/roles/nftables/templates/nftables.conf.j2
+++ b/roles/nftables/templates/nftables.conf.j2
@@ -8,6 +8,11 @@ table ip filter {
 ct state vmap { established : accept, related : accept }
 ip protocol icmp accept
 iifname lo accept
+{% if firewall_raw is defined %}
+{% for rule in firewall_raw %}
+ {{ rule }}
+{% endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
 {% for from in rule.from %}
@@ -35,6 +40,11 @@ table ip6 filter {
 type filter hook input priority 0; policy accept
 ct state vmap { established : accept, related : accept }
 ip6 nexthdr icmpv6 accept
+{% if firewall_raw6 is defined %}
+{% for rule in firewall_raw6 %}
+ {{ rule }}
+{% endfor %}
+{% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
 {% for from in rule.from %}
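Review bot: The raw rules are spliced in verbatim between the `iifname lo accept` line and the `firewall_in` loop, and nothing in the template says so; since nft evaluates a chain top-down, a raw rule placed here can override every `firewall_in` rule but can never affect established/related, ICMP or loopback traffic, which the three lines above it already accepted. That ordering is the security-relevant contract of `firewall_raw` and deserves a Jinja comment next to the `{% if %}`, e.g. `{# firewall_raw: nft rules emitted verbatim into chain input, after the ct/icmp/lo accepts and before the firewall_in rules; order matters #}`. The `is defined` guard can also be folded into the loop as `{% for rule in firewall_raw | default([]) %}`, which behaves the same for an unset variable and drops one level of nesting. The enclosing chain block starts and ends outside the hunk.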
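Review bot: `{{ rule }}` emits whatever is in `firewall_raw6` without any validation, and a raw rule that nft rejects (a typo, or an `ip`-family match inside the `ip6` table) makes `nft -f` fail on the whole file rather than on that one rule; with the chain's `policy accept` visible two lines above, what the host is left with then depends on how the role applies the file, so it is worth confirming the handler runs `nft -c -f` (check-only) before loading. A one-line reminder next to the loop would help whoever fills the variable: `{# each entry must be a complete, valid nft rule for the ip6 family; one bad entry breaks loading of the whole ruleset #}`. The `firewall_raw`/`firewall_raw6` split is also the only place the template separates families for user-supplied rules while `firewall_in` feeds both tables, which deserves a sentence in the role's documentation. The enclosing chain block starts and ends outside the hunk.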