Tools for Converting iptables Rules to the nftables Equivalents

Oracle Linux 8 provides the iptables-translate and ip6tables-translate commands for converting existing iptables and ip6tables rules to their nftables equivalents. If an extension does not include translation support, the conversion tools print the untranslated rule, prefixed by a hash sign (#), as shown in the following example:

# iptables-translate -A INPUT -j CHECKSUM --checksum-fill
nft # -A INPUT -j CHECKSUM --checksum-fill

To translate a dump of iptables rules in a single operation, use the iptables-restore-translate command, for example:

# iptables-save > rules.iptables
# iptables-restore-translate -f rules.iptables > rules.nft
# nft -f rules.nft
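
Because nft treats a line that starts with a hash sign as a comment, any rule the tools could not translate is not loaded by nft -f. The following added example (not part of the Oracle documentation) checks a translated file for such lines before loading it. The function names and sample file contents are hypothetical, and the comment format of untranslated rules in a translated dump is assumed to match the iptables-translate output shown above.

```shell
#!/bin/sh
# Added example: refuse to load a translated ruleset that still has gaps.

# List (with line numbers) comment lines that still carry an iptables rule
# command (-A, -I, -R, -D). Assumption: untranslated rules show up as such
# comments, as in the iptables-translate output shown on this page.
untranslated_rules() {
    grep -nE '^[[:space:]]*(nft[[:space:]]+)?#.*[[:space:]]-[AIRD][[:space:]]' "$1"
}

# 0 = every rule translated, 1 = gaps found (listed on stderr), 2 = unreadable.
translation_complete() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if missing=$(untranslated_rules "$1"); then
        echo "untranslated rules in $1, rewrite them by hand:" >&2
        echo "$missing" >&2
        return 1
    fi
    return 0
}

# Load only a complete ruleset; nft -c parses the file without applying it.
load_translated() {
    translation_complete "$1" && nft -c -f "$1" && nft -f "$1"
}

# Constructed sample standing in for iptables-restore-translate output.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/partial.nft" <<'EOF'
# Translated by iptables-restore-translate (constructed sample)
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add rule ip filter INPUT tcp dport 22 counter accept
# -A INPUT -j CHECKSUM --checksum-fill
# Completed (constructed sample)
EOF
grep -v CHECKSUM "$SAMPLES/partial.nft" > "$SAMPLES/complete.nft"

translation_complete "$SAMPLES/complete.nft" && echo "complete.nft: safe to load"
translation_complete "$SAMPLES/partial.nft" || echo "partial.nft: blocked"
```

In a real migration, run load_translated rules.nft as root in place of the bare nft -f rules.nft step.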