Converting iptables to nftables
If you query the system's iptables version, Oracle Linux 9 clearly indicates that nftables is used as the packet filtering framework:

sudo iptables --version
iptables v1.8.7 (nf_tables)

Otherwise, the output is similar to the following example:

sudo iptables --version
iptables version (legacy)
Note: The iptables-nft and ipset packages, which include utilities such as iptables, ip6tables, ebtables and arptables, are deprecated in Oracle Linux 9. Use the nftables framework to configure firewall rules directly, or use the firewalld service instead.
Utilities are available to convert filter rules in iptables and ip6tables to their equivalents in the nftables framework. Choose one of the following ways.
- Use the iptables-translate or ip6tables-translate command, depending on the type of tables you want to convert. If a rule can't be translated because of an unrecognized extension in the rule, the command prints the untranslated rule preceded by the # sign:

  sudo iptables-translate -A INPUT -j CHECKSUM --checksum-fill
  nft # -A INPUT -j CHECKSUM --checksum-fill
- Save the rules to a dump file, then use the iptables-restore-translate or ip6tables-restore-translate command, depending on the type of tables you want to convert:

  sudo iptables-save > /tmp/iptables.dump
  sudo iptables-restore-translate -f /tmp/iptables.dump
  translated-rules
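When a large dump is translated, rules that failed translation are easy to miss among the converted ones. The following script, an added example that is not part of the Oracle Linux documentation, scans translator output for rules left behind the # marker; the sample output it checks is constructed, and the assumed layout is the one shown above (an untranslated rule printed as "# -A ..." or "nft # -A ...").

```shell
#!/bin/sh
# Constructed sample of iptables-restore-translate output (not captured from a
# real system). Most rules were translated; one rule using an extension the
# translator does not know (CHECKSUM) is echoed in iptables syntax behind "#".
SAMPLE_TRANSLATION='# Translated by iptables-restore-translate v1.8.7 (constructed sample)
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add rule ip filter INPUT ct state related,established counter accept
add rule ip filter INPUT iifname "lo" counter accept
add rule ip filter INPUT tcp dport 22 counter accept
# -A INPUT -j CHECKSUM --checksum-fill
add rule ip filter INPUT counter drop'

# Print the rules the translator could not convert. An untranslated rule keeps
# its iptables form ("-A", "-I", ...) behind "#", optionally prefixed by "nft "
# when iptables-translate is run on a single rule. The translator's own
# "# Translated by ..." banner does not match and is therefore excluded.
untranslated_rules() {
  printf '%s\n' "$1" | grep -E '^(nft )?# -[A-Z]'
}

# Number of rules that failed translation; 0 means the translation is complete.
count_untranslated() {
  untranslated_rules "$1" | wc -l | tr -d ' '
}

# Usage on the constructed sample: list the rules that still need manual
# conversion so a migration script can stop before loading an incomplete ruleset.
if [ "$(count_untranslated "$SAMPLE_TRANSLATION")" -ne 0 ]; then
  echo "rules needing manual conversion to nftables:" >&2
  untranslated_rules "$SAMPLE_TRANSLATION" >&2
fi
```

To check a real translation, feed it the file produced by iptables-restore-translate, for example count_untranslated "$(cat translated-rules)".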