Last Friday I finally got around to doing an in-place upgrade from Qubes OS 4.1 to 4.2.
On my laptop I have a service qube named fileserver. This qube provides file services to some other App qubes and is currently still based on an old, outdated but heavily customized template, which I need to replace with something newer in the near future.
After reading your very helpful post here, I modified my old, no longer working iptables commands and replaced them with nft commands as described. This worked fine in the forwarding case (usually the qube sys-firewall, which I renamed to sys-router) with, in my case:
for CLIENT_IP in .... ; do
    # allow traffic in both directions between each client and the file server
    nft add rule qubes custom-forward ip saddr $CLIENT_IP \
        ip daddr $FILESERVER accept
    nft add rule qubes custom-forward ip saddr $FILESERVER \
        ip daddr $CLIENT_IP accept
done
However, for the qube fileserver mentioned above, I figured out by inspecting the firewall rules using the command
sudo nft list ruleset
that there is no table qubes and no chain named custom-input. So I decided for the time being to use this command in my /rw/config/qubes-firewall-user-script instead:
nft insert rule ip filter INPUT index 0 ip saddr 10.137.0.255/24 accept
Afterwards my Qubes OS internal networking finally worked again as it used to before in Qubes OS 4.1.
I would like to thank you and everybody involved. Best regards.
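
The manual check described in the post above (is there a table qubes with a chain custom-input, and if not, fall back to ip filter INPUT) can be scripted. This is an added example, not part of the original post; the function names and the two sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide where an "accept traffic from SRC" rule belongs,
# based on the text printed by `nft list ruleset`.

# has_chain TABLE CHAIN: ruleset text on stdin; succeeds if the IPv4
# table TABLE contains a chain named CHAIN.
has_chain() {
    awk -v tbl="$1" -v chn="$2" '
        $1 == "table" { in_tbl = ($2 == "ip" && $3 == tbl) }
        in_tbl && $1 == "chain" && $2 == chn { found = 1 }
        END { exit !found }'
}

# pick_rule RULESET SRC: print the nft command that fits this qube.
# Returns 2 for a malformed SRC, 1 if neither chain exists.
pick_rule() {
    # The output is meant to be run as root, so accept only a plain
    # IPv4 address or CIDR and nothing else.
    case $2 in *[!0-9./]*|'') return 2 ;; esac
    printf '%s\n' "$2" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$' || return 2
    if printf '%s\n' "$1" | has_chain qubes custom-input; then
        echo "nft add rule qubes custom-input ip saddr $2 accept"
    elif printf '%s\n' "$1" | has_chain filter INPUT; then
        echo "nft insert rule ip filter INPUT index 0 ip saddr $2 accept"
    else
        return 1
    fi
}

# Constructed, abbreviated sample rulesets (not captured from a real qube).
NEW_STYLE='table ip qubes {
    chain custom-input {
    }
    chain input {
        type filter hook input priority filter; policy drop;
        jump custom-input
    }
}'
OLD_STYLE='table ip filter {
    chain INPUT {
        type filter hook input priority filter; policy drop;
    }
}'

pick_rule "$NEW_STYLE" 10.137.0.20
pick_rule "$OLD_STYLE" 10.137.0.20
# In a qube: pick_rule "$(nft list ruleset)" "$CLIENT_IP"
```

Passing a single client address or a narrow CIDR as SRC keeps the accept rule limited to the qubes that actually need the file server.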