nftabless backend / forward chain

I was trying to allow my docker container to pass DNS requests through my host. As backend I use nftables. I have put this into /etc/firewalld/firewalld.conf: FirewallBackend=nftables Trying to add a direct rule via command line gave an error message from iptables. Why is iptables here? Or is --direct no longer usable with nftables? firewall-cmd --direct --add-rule ipv4 filter filter_FWDI_FedoraWorkstation_allow 0 -p tcp --dport 53 -j ACCEPT Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore: line 2 failed In the past I could put a file /etc/firewalld/direct.xml like this: <?xml version="1.0" encoding="utf-8"?> <direct> [ <rule ipv="ipv6" table="filter" chain="FWDI_FedoraWorkstation" priority="0"> -p tcp --dport 53 -j ACCEPT </rule> ] [ <rule ipv="ipv6" table="filter" chain="FWDI_FedoraWorkstation" priority="0"> -p udp --dport 53 -j ACCEPT </rule> ] [ <rule ipv="ipv4" table="filter" chain="FWDI_FedoraWorkstation" priority="0"> -p tcp --dport 53 -j ACCEPT </rule> ] [ <rule ipv="ipv4" table="filter" chain="FWDI_FedoraWorkstation" priority="0"> -p udp --dport 53 -j ACCEPT </rule> ] </direct> when I needed forwarding. But now when I do this I cannot see anything in "nft list ruleset" but I see it in "iptables -L -n -v" instead. What is the correct way to configure forward chains in firewalld with nftables backend?