diff --git a/package/libs/libnftnl/patches/001-libnftnl-add-fullcone-expression-support.patch b/package/libs/libnftnl/patches/001-libnftnl-add-fullcone-expression-support.patch index 7d2dbb67c5..88e10ccc88 100644 --- a/package/libs/libnftnl/patches/001-libnftnl-add-fullcone-expression-support.patch +++ b/package/libs/libnftnl/patches/001-libnftnl-add-fullcone-expression-support.patch @@ -13,32 +13,27 @@ Signed-off-by: Syrone Wong 5 files changed, 192 insertions(+) create mode 100644 src/expr/fullcone.c -diff --git a/include/libnftnl/expr.h b/include/libnftnl/expr.h -index 00c63ab..7dcf403 100644 --- a/include/libnftnl/expr.h +++ b/include/libnftnl/expr.h -@@ -244,6 +244,12 @@ enum { - NFTNL_EXPR_MASQ_REG_PROTO_MAX, +@@ -245,6 +245,12 @@ enum { }; -+enum { + enum { + NFTNL_EXPR_FULLCONE_FLAGS = NFTNL_EXPR_BASE, + NFTNL_EXPR_FULLCONE_REG_PROTO_MIN, + NFTNL_EXPR_FULLCONE_REG_PROTO_MAX, +}; + - enum { ++enum { NFTNL_EXPR_REDIR_REG_PROTO_MIN = NFTNL_EXPR_BASE, NFTNL_EXPR_REDIR_REG_PROTO_MAX, -diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h -index 0ae9120..8b8ae38 100644 + NFTNL_EXPR_REDIR_FLAGS, --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h -@@ -1433,6 +1433,22 @@ enum nft_masq_attributes { - }; +@@ -1464,6 +1464,22 @@ enum nft_masq_attributes { #define NFTA_MASQ_MAX (__NFTA_MASQ_MAX - 1) -+/** + /** + * enum nft_fullcone_attributes - nf_tables fullcone expression attributes + * + * @NFTA_FULLCONE_FLAGS: NAT flags (see NF_NAT_RANGE_* in linux/netfilter/nf_nat.h) (NLA_U32) @@ -54,14 +49,13 @@ index 0ae9120..8b8ae38 100644 +}; +#define NFTA_FULLCONE_MAX (__NFTA_FULLCONE_MAX - 1) + - /** ++/** * enum nft_redir_attributes - nf_tables redirect expression netlink attributes * -diff --git a/src/Makefile.am b/src/Makefile.am -index c3b0ab9..2718218 100644 + * @NFTA_REDIR_REG_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers) --- a/src/Makefile.am 
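Review bot: After this refresh the libnftnl patch still adds `enum nft_fullcone_attributes` to its own copy of `include/linux/netfilter/nf_tables.h` (now at `-1464,6 +1464,22`), while the nftables patch further down patches a second copy of the same header at a different offset (`-1485,6 +1485,22`), apparently with the same block. Nothing in the visible hunks records that these two userspace copies and the kernel-side fullcone expression must agree on the attribute numbering, so drift introduced by a later refresh would likely surface only at runtime, as NAT rules that are rejected or misparsed. I would add a line to each patch description, for example `NFTA_FULLCONE_* must stay identical in libnftnl, nftables and the kernel fullcone module`. Most of the enum body lies outside the lines shown here, so the two copies could not be compared directly.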
+++ b/src/Makefile.am -@@ -54,6 +54,7 @@ libnftnl_la_SOURCES = utils.c \ +@@ -55,6 +55,7 @@ libnftnl_la_SOURCES = utils.c \ expr/target.c \ expr/tunnel.c \ expr/masq.c \ @@ -69,9 +63,6 @@ index c3b0ab9..2718218 100644 expr/redir.c \ expr/hash.c \ expr/socket.c \ -diff --git a/src/expr/fullcone.c b/src/expr/fullcone.c -new file mode 100644 -index 0000000..aaedd83 --- /dev/null +++ b/src/expr/fullcone.c @@ -0,0 +1,167 @@ @@ -242,11 +233,9 @@ index 0000000..aaedd83 + .build = nftnl_expr_fullcone_build, + .output = nftnl_expr_fullcone_snprintf, +}; -diff --git a/src/expr_ops.c b/src/expr_ops.c -index 7248e4f..9dee9f8 100644 --- a/src/expr_ops.c +++ b/src/expr_ops.c -@@ -19,6 +19,7 @@ extern struct expr_ops expr_ops_limit; +@@ -20,6 +20,7 @@ extern struct expr_ops expr_ops_limit; extern struct expr_ops expr_ops_log; extern struct expr_ops expr_ops_lookup; extern struct expr_ops expr_ops_masq; @@ -254,7 +243,7 @@ index 7248e4f..9dee9f8 100644 extern struct expr_ops expr_ops_match; extern struct expr_ops expr_ops_meta; extern struct expr_ops expr_ops_ng; -@@ -63,6 +64,7 @@ static struct expr_ops *expr_ops[] = { +@@ -65,6 +66,7 @@ static struct expr_ops *expr_ops[] = { &expr_ops_log, &expr_ops_lookup, &expr_ops_masq, diff --git a/package/network/utils/nftables/patches/002-nftables-add-fullcone-expression-support.patch b/package/network/utils/nftables/patches/002-nftables-add-fullcone-expression-support.patch index ca483062ed..16bdf7c760 100644 --- a/package/network/utils/nftables/patches/002-nftables-add-fullcone-expression-support.patch +++ b/package/network/utils/nftables/patches/002-nftables-add-fullcone-expression-support.patch @@ -16,7 +16,7 @@ Signed-off-by: Syrone Wong --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h -@@ -1436,6 +1436,22 @@ enum nft_masq_attributes { +@@ -1485,6 +1485,22 @@ enum nft_masq_attributes { #define NFTA_MASQ_MAX (__NFTA_MASQ_MAX - 1) /** @@ -41,7 +41,7 @@ 
Signed-off-by: Syrone Wong * @NFTA_REDIR_REG_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers) --- a/include/statement.h +++ b/include/statement.h -@@ -122,6 +122,7 @@ enum nft_nat_etypes { +@@ -129,6 +129,7 @@ enum nft_nat_etypes { __NFT_NAT_SNAT = NFT_NAT_SNAT, __NFT_NAT_DNAT = NFT_NAT_DNAT, NFT_NAT_MASQ, @@ -51,7 +51,7 @@ Signed-off-by: Syrone Wong --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c -@@ -1370,6 +1370,53 @@ out_err: +@@ -1473,6 +1473,53 @@ out_err: stmt_free(stmt); } @@ -105,7 +105,7 @@ Signed-off-by: Syrone Wong static void netlink_parse_redir(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nftnl_expr *nle) -@@ -1796,6 +1843,7 @@ static const struct expr_handler netlink +@@ -1901,6 +1948,7 @@ static const struct expr_handler netlink { .name = "tproxy", .parse = netlink_parse_tproxy }, { .name = "notrack", .parse = netlink_parse_notrack }, { .name = "masq", .parse = netlink_parse_masq }, @@ -115,7 +115,7 @@ Signed-off-by: Syrone Wong { .name = "queue", .parse = netlink_parse_queue }, --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c -@@ -1140,6 +1140,13 @@ static void netlink_gen_nat_stmt(struct +@@ -1221,6 +1221,13 @@ static void netlink_gen_nat_stmt(struct nftnl_reg_pmin = NFTNL_EXPR_MASQ_REG_PROTO_MIN; nftnl_reg_pmax = NFTNL_EXPR_MASQ_REG_PROTO_MAX; break; @@ -131,7 +131,7 @@ Signed-off-by: Syrone Wong --- a/src/parser_bison.y +++ b/src/parser_bison.y -@@ -582,6 +582,7 @@ int nft_lex(void *, void *, void *); +@@ -621,6 +621,7 @@ int nft_lex(void *, void *, void *); %token SNAT "snat" %token DNAT "dnat" %token MASQUERADE "masquerade" @@ -139,7 +139,7 @@ 
Signed-off-by: Syrone Wong %token REDIRECT "redirect" %token RANDOM "random" %token FULLY_RANDOM "fully-random" -@@ -716,8 +717,8 @@ int nft_lex(void *, void *, void *); +@@ -755,8 +756,8 @@ int nft_lex(void *, void *, void *); %type limit_burst_pkts limit_burst_bytes limit_mode limit_bytes time_unit quota_mode %type reject_stmt reject_stmt_alloc %destructor { stmt_free($$); } reject_stmt reject_stmt_alloc @@ -150,7 +150,7 @@ Signed-off-by: Syrone Wong %type nf_nat_flags nf_nat_flag offset_opt %type tproxy_stmt %destructor { stmt_free($$); } tproxy_stmt -@@ -2877,6 +2878,7 @@ stmt : verdict_stmt +@@ -3064,6 +3065,7 @@ stmt : verdict_stmt | queue_stmt | ct_stmt | masq_stmt close_scope_nat @@ -158,7 +158,7 @@ Signed-off-by: Syrone Wong | redir_stmt close_scope_nat | dup_stmt close_scope_dup | fwd_stmt close_scope_fwd -@@ -3773,6 +3775,28 @@ masq_stmt_args : TO COLON stmt_expr +@@ -3976,6 +3978,28 @@ masq_stmt_args : TO COLON stmt_expr { $0->nat.proto = $3; } @@ -189,7 +189,7 @@ Signed-off-by: Syrone Wong $0->nat.proto = $3; --- a/src/scanner.l +++ b/src/scanner.l -@@ -449,6 +449,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr +@@ -460,6 +460,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr "snat" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return SNAT; } "dnat" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return DNAT; } "masquerade" { scanner_push_start_cond(yyscanner, SCANSTATE_STMT_NAT); return MASQUERADE; } @@ -199,7 +199,7 @@ Signed-off-by: Syrone Wong { --- a/src/statement.c +++ b/src/statement.c -@@ -650,6 +650,7 @@ const char *nat_etype2str(enum nft_nat_e +@@ -681,6 +681,7 @@ const char *nat_etype2str(enum nft_nat_e [NFT_NAT_SNAT] = "snat", [NFT_NAT_DNAT] = "dnat", [NFT_NAT_MASQ] = "masquerade",