firewall.user and migrating from firewall to firewall4

Philip Prindeville philipp_subx at redfish-solutions.com
Thu Apr 23 12:57:46 PDT 2026


Is there any guidance/documentation/tooling on taking a /etc/firewall.user script and migrating it to firewall4?

I had a bunch of filters using xt_geoip, xt_asn, and a list of known hostile CIDRs that I blocked quite effectively.

You'd think there could be some firewall4 "glue" that provided a hook (maybe a shell function) that intercepted invocations of "iptables" and mapped them to/from nftables.

Maybe a one-time script that gathered up all of the invocations of iptables and then synthesized the appropriate nft chains instead?

Although -I and -A are fairly straightforward... even -C, -D, -N, -F, -X...  other operations like -R and -E might be more tricky.
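
Added example, not part of the original message and not firewall4 code: a sketch of the "gather up all of the invocations" half of the idea, shadowing `iptables`/`ip6tables` with shell functions so a firewall.user-style script can be sourced and its calls inventoried without applying any rule. The function names and the sample rules are constructed for illustration; it assumes the script calls the tools by bare name (an absolute path bypasses the shim), and sourcing still runs every other command in the script, so use a copy on a test box.

```shell
#!/bin/sh
# Added example (not from the post): inventory what a firewall.user-style script
# asks iptables to do. Each call is logged only; no rule is applied or translated.

# Output per call: "<tool> <operation> <chain> <match-modules>"
inventory_iptables() {
    (   # subshell: the shim functions disappear afterwards
        _log() {
            tool=$1; shift
            op=- chain=- mods=
            while [ $# -gt 0 ]; do
                case $1 in
                    -t) if [ $# -gt 1 ]; then shift; fi ;;   # skip table name
                    -[AICDNFXRE]) op=$1
                        case ${2:--} in -*) ;; *) chain=$2; shift ;; esac ;;
                    -m) if [ $# -gt 1 ]; then mods="$mods${mods:+,}$2"; shift; fi ;;
                esac
                shift
            done
            echo "$tool $op $chain ${mods:--}"
        }
        iptables()  { _log iptables "$@"; }
        ip6tables() { _log ip6tables "$@"; }
        . "$1"
    )
}

# Constructed sample input; addresses are documentation ranges, XX is a placeholder.
sample_firewall_user() {
    cat <<'EOF'
iptables -N blocklist
iptables -A blocklist -s 192.0.2.0/24 -j DROP
iptables -A blocklist -m geoip --src-cc XX -j DROP
iptables -I INPUT -j blocklist
ip6tables -t filter -I INPUT -m conntrack --ctstate INVALID -j DROP
EOF
}

# Count calls per operation, then list the rules that rely on match extensions.
summarise() {
    inventory_iptables "$1" | awk '
        { ops[$2]++ }
        $4 != "-" { ext = ext "\n  " $0 }
        END { for (o in ops) print o, ops[o]; print "extension rules:" ext }'
}

tmp=$(mktemp) && sample_firewall_user > "$tmp"
summarise "$tmp"
rm -f "$tmp"
```

The "extension rules" list is the part that needs manual attention during migration, since those rules depend on match modules rather than plain address or port matches.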



