Merge your custom iptables rules with those created by rke2 cni

[gauravkarki]

I am using the default CNI provided by rek2 i.e. hardened-calico:v3.13.3-build20210223. It is using iptables rule for the nat rules even through iptables services is not running. my host server is RedHat Enterprise Linux 8. I have not enabled neither nftables nor iptables

# systemctl status iptables
● iptables.service
   Loaded: masked (Reason: Unit iptables.service is masked.)
   Active: inactive (dead)

# systemctl status nftables
● nftables.service - Netfilter Tables
   Loaded: loaded (/usr/lib/systemd/system/nftables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:nft(8)

However I have a requirement to enable host based firewall rules. RedHat recommends to use nftables going forward. If i enable nftables then the iptables returns below error.

# iptables -L
iptables v1.8.4 (nf_tables): table `filter' is incompatible, use 'nft' tool.

I can however add my custom iptables rules but it gets lost during reboot. I have written a script that runs on reboot to add my custom iptables rules.

So I was wondering, if there is another better option to add my custom iptables rules?
Also Is there any option to use nftables for calico?