So far I was quite happy with iptables (thanks!). But Debian folks started a march to replace iptables with nftables, so I have to take a closer look at nftables. It looks like my iptables rules can be translated into nftables ones except for one thing. I have a strongswan (ipsec) server which, when establishing a connection, issues:

--8<---------------cut here---------------start------------->8---
iptables -I INPUT -i ${PLUTO_INTERFACE} -m policy --dir in --pol ipsec --reqid $PLUTO_REQID -j ipsec-in-${PLUTO_REQID}
--8<---------------cut here---------------end--------------->8---

How can I do it in nftables (especially reqid)? I tried to read
https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
but did not find anything useful.

Moreover, one thing is unclear to me at:
https://wiki.nftables.org/wiki-nftables/index.php/Supported_features_compared_to_xtables#policy
This directs to chain policy, but there is an iptables extension called 'policy' (which is used in my rule) and I cannot find a counterpart on the nftables side.

Am I missing something?

KJ

--
http://wolnelektury.pl/wesprzyj/teraz/
Gnagloot, n.:
        A person who leaves all his ski passes on his jacket just to
impress people.
                -- Rich Hall, "Sniglets"