Update TTL settings to nftables

openmptcprouter/files/etc/firewall.ttl

@@ -5,8 +5,12 @@
 _set_ttl() {
 	device=$(uci -q get network.$1.name)
 	ttl=$(uci -q get network.$1.ttl)
-	if [ -n "$ttl" ] && [ -z "$(iptables-save 2>/dev/null | grep TTL | grep $device)" ]; then
+	if [ -n "$ttl" ]; then
-		iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
+		if [ -e /usr/sbin/iptables-nft ] && [ -z "$(nft list ruleset 2>/dev/null | grep ttl | grep $device)" ]; then
+			nft add rule inet fw4 mangle_forward oifname $device ip ttl set $ttl >/dev/null 2>&1
+		elif [ ! -e /usr/sbin/iptables-nft ] && [ -z "$(iptables-save 2>/dev/null | grep TTL | grep $device)" ]; then
+			iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl >/dev/null 2>&1
+		fi
 	fi
 }
 

openmptcprouter/files/etc/uci-defaults/1980-omr-firewall

@@ -155,13 +155,15 @@ if [ "$(uci -q get firewall.ttl)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null
 		set firewall.ttl=include
 		set firewall.ttl.path=/etc/firewall.ttl
+		set firewall.ttl.type='script'
+		set firewall.ttl.fw4_compatible='1'
 		commit firewall
 	EOF
 fi
 if [ "$(uci -q get firewall.upnp)" = "" ]; then
 	uci -q batch <<-EOF >/dev/null
 		set firewall.upnp=include
-		set firewall.upnp.path='/etc/firewall.ttl'
+		set firewall.upnp.path='/etc/firewall.upnp'
 		set firewall.upnp.type='script'
 		set firewall.upnp.fw4_compatible='1'
 		commit firewall