Masquerade rule with netfilter-persistent

I use netfilter-persistent to manage a firewall. I would like to share a connection between two interfaces using masquerading (example , or another ). When I run those operations by invoking iptables it works. But if I try to update firewall rules stored in /etc/iptables/rules.v4 adding such a line: -t nat -A POSTROUTING -o wlan0 -j MASQUERADE Lines starting with -t make netfilter-persistent fail to run and the firewall is not updated: Nov 16 11:51:32 helena systemd[1] : netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE Nov 16 11:51:32 helena systemd[1] : Failed to start netfilter persistent configuration. So I am wondering if it is possible to store this kind of rules with netfilter-persistent or - Is it a known limitation? - Is there a good reason why it cannot work? - Is there a hack to make it work?