Cs-bouncer-nftables and table inet filter

I use table inet filter in nftables for my filter rules. This table is processed before the table ip. Even priority -10 does not change the order of processing.

table inet filter {
	chain inbound_ipv4 {
		icmp type echo-request limit rate 5/second accept
		ip saddr IPV4_ADRESS/26 tcp dport PORT accept
		ip saddr 172.18.0.0/24 accept
	}

	chain inbound_ipv6 {
		icmpv6 type echo-request limit rate 5/second accept
		ip6 saddr IPV6_PREFIX::/64 icmpv6 type { nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
		ip6 saddr fe80::/10 icmpv6 type { mld-listener-query, mld-listener-report, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert } accept
		ip6 nexthdr ipv6-icmp log prefix "[nftables] ICMPv6 Accept: " counter limit rate 5/second accept
		ip6 saddr IPV6_PREFIX::/64 tcp dport PORT accept
	}

	chain inbound {
		type filter hook input priority filter; policy drop;
		ct state vmap { invalid : drop, established : accept, related : accept }
		iifname "lo" accept
		meta protocol vmap { ip : jump inbound_ipv4, ip6 : jump inbound_ipv6 }
		tcp dport { 22, 80, 443 } accept
		log prefix "[nftables] Inbound Denied: " counter drop
	}
}

How must the bouncer be configured to use table inet instead of table ip?

Currently this is not configurable within the remediation component. The only way you could achieve this is by setting the configuration to be set only mode then create the chains yourself to be the type you wish, however, this has never been attempted so please expect some errors and if you do encounter them please open an issue detailing the error on the repository

The set-only mode doesn’t work either, but the problem has already been addressed at Support new nftables configuration design by g00g1 · Pull Request #325 · crowdsecurity/cs-firewall-bouncer · GitHub. I’m trying to work on the solution there.