Подружить nft и ppp0

#!/usr/sbin/nft -f
flush ruleset
define base_interface = enp6s0
define income_interface = ppp0
define desktop_interface = enp4s0
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
    }
    chain input {
        type nat hook input priority 100; policy accept;
    }
    chain output {
        type nat hook output priority -100; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname $income_interface masquerade
    }
}
table inet filter {
    chain output {
        type filter hook output priority 0; policy accept;
    }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        tcp dport { 443, 2022 } accept
        udp dport { 2022, 4444 } accept
        iifname != $income_interface ct state new accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        meta l4proto tcp tcp flags & (syn|rst) == syn tcp option maxseg size set rt mtu
        iifname $income_interface oifname $desktop_interface ct state related,established accept
        iifname $desktop_interface oifname $income_interface accept
        iifname $base_interface oifname $income_interface reject with icmpx type host-unreachable
        iifname $income_interface oifname $income_interface reject with icmpx type host-unreachable
    }
}