Arch Linux

Description:

With the newer versions (5+) of the Kernel support for some `nftables` functionality was dropped. For example these flags for IPv4 (also missing for IPv6 respectively):
```
CONFIG_NFT_CHAIN_ROUTE_IPV4=m
CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NFT_MASQ_IPV4=m
CONFIG_NFT_REDIR_IPV4=m
```

If this is not common functionality for all users and if it should not influence the majority of the systems it is fine to drop it from the stable version of the kernel.

However, I would argue that the LTS version of the kernel should be more versatile and have support for the `neftables` functionality. Please, add the extra `nftables` functionality in the future versions of the Kernel config for LTS.


Additional info:
* package version(s) -> linux-lts 5.4.21-1
* config and/or log files etc. -> config
* link to upstream bug report, if any -> none

Steps to reproduce:
```/etc/nftables.conf
#!/usr/bin/nft -f

define real_nic = enp3s0
define virtual_nic = tap0

table inet filter {
chain input {
type filter hook input priority 0;
# allow established/related connections
ct state {established, related} accept
# early drop of invalid connections
ct state invalid drop
# allow from loopback
iif lo accept
# allow icmp
ip protocol icmp accept
ip6 nexthdr icmpv6 accept
# allow ssh
tcp dport ssh limit rate 5/minute accept
# last overrides
jump input_extended
# everything else
reject with icmpx type port-unreachable
}

chain input_extended {
udp dport domain iifname $virtual_nic accept
udp dport bootps iifname $virtual_nic limit rate 5/minute accept
}

chain forward {
type filter hook forward priority 0;
}

chain output {
type filter hook output priority 0;
}
}

table ip vm_nat {
chain pre {
type nat hook prerouting priority 0; policy accept;
udp dport domain iifname $virtual_nic redirect
}

chain post {
type nat hook postrouting priority 100; policy accept;
ip saddr 192.168.1.0/24 oifname $real_nic masquerade
}
}
```