feat: add native nftables support (#1389)

- Add nftables as a third firewall backend option alongside firewalld
and iptables
- Detection priority: firewalld → nftables → iptables (legacy fallback)
- Uses dedicated `openvpn` and `openvpn-nat` tables for clean isolation
- Integrates with native `nftables.service` via include in
`/etc/nftables.conf`


Closes https://github.com/angristan/openvpn-install/issues/530
Stanislas
2025-12-14 00:03:29 +01:00
committed by GitHub
parent a220d3a689
commit 8ea2d1b5b2
6 changed files with 127 additions and 5 deletions


@@ -98,6 +98,15 @@ jobs:
name: tls-crypt-v2
sig: "1"
key_file: tls-crypt-v2.key
# Test nftables support on Debian
- os:
name: debian-12-nftables
image: debian:12
enable_nftables: true
tls:
name: tls-crypt-v2
sig: "1"
key_file: tls-crypt-v2.key
name: ${{ matrix.os.name }}
steps:
@@ -113,6 +122,7 @@ jobs:
docker build \
--build-arg BASE_IMAGE=${{ matrix.os.image }} \
--build-arg ENABLE_FIREWALLD=${{ matrix.os.enable_firewalld && 'y' || 'n' }} \
--build-arg ENABLE_NFTABLES=${{ matrix.os.enable_nftables && 'y' || 'n' }} \
-t openvpn-server \
-f test/Dockerfile.server .
@@ -269,7 +279,7 @@ jobs:
- name: Show install script log
if: always()
run: |
docker cp openvpn-server:/opt/openvpn-install.log /tmp/openvpn-install.log 2>/dev/null && \
docker cp openvpn-server:/root/openvpn-install.log /tmp/openvpn-install.log 2>/dev/null && \
cat /tmp/openvpn-install.log || echo "No install log found"
- name: Show client logs
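Review bot: Nothing in the visible steps asserts that the installer actually selected nftables for the new `debian-12-nftables` matrix entry. `ENABLE_NFTABLES` only shapes the image, so with the stated detection order (firewalld → nftables → iptables) the job could pass on another backend and give false assurance about the firewall rules. A step after the install such as `docker exec openvpn-server nft list tables | grep -q openvpn` would fail the job if the dedicated tables were not created. Such a check may already exist in steps or test scripts outside the visible hunks. It would also help to add a comment on the matrix entry, `# enable_nftables and enable_firewalld must not both be true: firewalld wins detection`, so that a later edit does not silently turn this into a firewalld run.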