Converting iptables to nftables

If you query the iptables version, Oracle Linux 8 clearly indicates that nftables is used as the packet filtering framework:

sudo iptables --version
iptables v1.8.2 (nf_tables)

On a system that still uses the legacy iptables framework, the output is instead similar to the following example:

sudo iptables --version
iptables version (legacy)

Utilities are available to convert filter rules in iptables and ip6tables to their equivalents in the nftables framework. Use one of the following methods.

  • Use the iptables-translate or ip6tables-translate commands, depending on the type of tables you want to convert. If a rule can't be translated because of an unrecognized extension in the rule, the command prints the untranslated rule preceded by the # sign.

    sudo iptables-translate -A INPUT -j CHECKSUM --checksum-fill
    nft #  -A INPUT -j CHECKSUM --checksum-fill
  • Save the rules to a dump file, then use the iptables-restore-translate or ip6tables-restore-translate command, depending on the type of tables you want to convert.

    sudo iptables-save > /tmp/iptables.dump
    sudo iptables-restore-translate -f /tmp/iptables.dump
    translated-rules
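As an added example that is not part of the Oracle Linux documentation, the following POSIX shell wrapper runs the dump-and-translate procedure above and checks the translated output for rules the tool could not convert, since those are printed as comments beginning with "nft #" rather than being dropped silently. The sample translated output it includes is constructed, and the file paths are assumptions.

```sh
#!/bin/sh
# Added example, not from the Oracle Linux documentation: wraps the
# dump-and-translate procedure and refuses to hand over a ruleset that
# still contains untranslated rules. iptables-restore-translate echoes
# any rule it cannot convert as a comment beginning with "nft #".

# Print the rules left untranslated in file $1, stripped back to their
# original iptables syntax. Exit status 1 if any were found, else 0.
untranslated_rules() {
    if grep -q '^nft # ' "$1"; then
        sed -n 's/^nft # //p' "$1"
        return 1
    fi
    return 0
}

# Number of untranslated rules in file $1.
count_untranslated() {
    # grep -c prints 0 but exits 1 when nothing matches; keep the count.
    grep -c '^nft # ' "$1" || true
}

# The full procedure: dump the live iptables rules to $1, translate them
# into $2, and stop if anything needs manual conversion. Run as root.
convert_ruleset() {
    dump=${1:-/tmp/iptables.dump}
    out=${2:-/tmp/ruleset.nft}
    iptables-save > "$dump"
    iptables-restore-translate -f "$dump" > "$out"
    if ! untranslated_rules "$out" >&2; then
        echo "the rules listed above need manual conversion; $out not loaded" >&2
        return 1
    fi
    echo "review $out, then load it with: nft -f $out"
}

# Constructed sample of iptables-restore-translate output (not captured
# from a real system) so the check can be exercised offline. The last
# line has the shape the tool uses for a rule it could not translate.
write_sample() {
    cat > "$1" <<'EOF'
# Translated by iptables-restore-translate v1.8.2 (constructed sample)
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy accept; }
add rule ip filter INPUT ct state related,established counter accept
nft # -A INPUT -j CHECKSUM --checksum-fill
EOF
}
```

Rules reported by untranslated_rules must be rewritten by hand in nft syntax before the ruleset is loaded.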