
Re: nftables howto?




On 2018-10-28, Kamil Jońca <kjonca@xxxxxxxxxxxxxx> wrote:
>
> Recent upgrade surprised me with iptables->nftables migration.
> I understand I should prepare to migrate, but I cannot find
> comprehensive documentation of nftables.
> For example:
>
> In my ipsec updown script I have something like:
> --8<---------------cut here---------------start------------->8---
> iptables -I INPUT -i ${PLUTO_INTERFACE}  -m policy --dir in  --pol ipsec --reqid  $PLUTO_REQID   -j ipsec-in-${PLUTO_REQID}
> --8<---------------cut here---------------end--------------->8---
>
> Where can I read how to translate it to nftables? (especially --reqid)
>
> Or how can I write updown script which inserts some rules when client
> connects, and "purge" them on disconnect?
> KJ
>
>

I found this rather rapidly:

https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables

I don't know if it addresses your specific issue, but good luck anyhow.

-- 
"Now she understood that Anna could not have been in lilac, and that her charm
was just that she always stood out against her attire, that her dress could
never be noticeable on her." Leo Tolstoy, Anna Karenina