gluon-radv-filterd: migrate to nftables

package/gluon-radv-filterd/Makefile

@@ -6,7 +6,7 @@ include ../gluon.mk
 
 define Package/gluon-radv-filterd
   TITLE:=Filter IPv6 router advertisements
-  DEPENDS:=+gluon-ebtables +libgluonutil +libbatadv +libnl-tiny
+  DEPENDS:=+gluon-nftables +libgluonutil +libbatadv +libnl-tiny
 endef
 
 MAKE_VARS += \

package/gluon-radv-filterd/luasrc/lib/gluon/ebtables/400-radv-filterd

@@ -1,3 +0,0 @@
-chain('RADV_FILTER', 'DROP')
-rule 'FORWARD -p IPv6 -i bat0 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j RADV_FILTER'
-rule 'RADV_FILTER -j ACCEPT'

package/gluon-radv-filterd/luasrc/lib/gluon/nftables/400-radv-filterd.lua

@@ -0,0 +1,15 @@
+bridge_table('pre', [[set radv_allow {
+	type ether_addr
+}
+
+set radv_filter {
+	type ether_addr
+}
+]])
+
+-- This rule starts filtering once the address is in radv_filter
+
+-- Daemon adds 00:00:../ff:ff:.. to radv_filter (todo) so everything gets picked up,
+-- effectivly turning radv_filter into a bool
+
+bridge_rule('FORWARD', 'ether saddr @radv_filter iifname "bat0" icmpv6 type nd-router-advert ether saddr != @radv_allow drop')