Duplicating packets 'dup' to host outside same subnet

Hello,


Taking as starting point the following iptables rule, which replicates
the udp packets to another host, but only if it is on the same subnet:

# TEE clones each matching packet and sends the clone to the --gateway host
# iptables -t mangle -A PREROUTING -i ens192 -p udp --dport 53 -j TEE --gateway 192.168.1.2

The iptables documentation says about it: "The TEE target will clone a
packet and redirect this clone to another machine on the local network
segment."

There is an equivalent in nftables, documented at
https://wiki.nftables.org/wiki-nftables/index.php/Duplicating_packets
But there is no mention there of the requirement that the host needs to
be on the same network segment; it only says "to another remote peer for
further inspection".

I'm trying it, but I only receive packets if the host is in the same
subnet, the same behaviour as iptables.

Can nftables send packets to hosts outside the same network, or can't
it?

The sample code is the following:


echo "
table mangle {
        chain mangle {
                type filter hook prerouting priority -300;
                udp dport 53 counter dup to 192.168.1.2
        }
}
" | nft -f /dev/stdin



Thanks,
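An added check, not part of the original message: `dup to <addr>` hands the clone to the given address as an on-link nexthop, so a quick way to spot rules that will silently lose their clones is to compare every dup target against the IPv4 subnets actually configured on the box. The script below does that. The two JSON samples are constructed here in the shape of `nft -j list ruleset` and `ip -j addr show` output (the key names used, `dup`/`addr`/`dev` and `ifname`/`addr_info`/`local`/`prefixlen`, are the ones those tools emit; everything else in the samples is made up for the example).

```python
"""Audit nft 'dup' statements: flag targets that are not on a directly
connected IPv4 subnet, because dup only delivers the clone to an
on-link nexthop. Added example; samples are constructed, not captured."""
import ipaddress
import json

# Constructed sample in the shape of `ip -j addr show` (only fields used here).
SAMPLE_IP_ADDR = json.dumps([
    {"ifname": "lo", "addr_info": [
        {"family": "inet", "local": "127.0.0.1", "prefixlen": 8}]},
    {"ifname": "ens192", "addr_info": [
        {"family": "inet", "local": "192.168.1.10", "prefixlen": 24},
        {"family": "inet6", "local": "fe80::1", "prefixlen": 64}]},
])

# Constructed sample in the shape of `nft -j list ruleset`: two dup rules,
# one to a host on the ens192 subnet and one to a host behind a router.
SAMPLE_RULESET = json.dumps({"nftables": [
    {"table": {"family": "ip", "name": "mangle", "handle": 1}},
    {"chain": {"family": "ip", "table": "mangle", "name": "mangle",
               "handle": 1, "type": "filter", "hook": "prerouting",
               "prio": -300}},
    {"rule": {"family": "ip", "table": "mangle", "chain": "mangle",
              "handle": 2, "expr": [
                  {"match": {"op": "==", "left": {"payload": {
                      "protocol": "udp", "field": "dport"}}, "right": 53}},
                  {"counter": {"packets": 0, "bytes": 0}},
                  {"dup": {"addr": "192.168.1.2"}}]}},
    {"rule": {"family": "ip", "table": "mangle", "chain": "mangle",
              "handle": 3, "expr": [
                  {"match": {"op": "==", "left": {"payload": {
                      "protocol": "udp", "field": "dport"}}, "right": 53}},
                  {"dup": {"addr": "172.16.5.9", "dev": "ens192"}}]}},
]})


def connected_networks(ip_addr_json):
    """Map interface name -> list of IPv4 networks configured on it."""
    nets = {}
    for link in json.loads(ip_addr_json):
        for info in link.get("addr_info", []):
            if info.get("family") != "inet":
                continue  # this check covers IPv4 dup targets only
            iface = ipaddress.ip_interface(f"{info['local']}/{info['prefixlen']}")
            nets.setdefault(link["ifname"], []).append(iface.network)
    return nets


def dup_statements(ruleset_json):
    """Yield (rule handle, target address, device or None) for every dup."""
    for obj in json.loads(ruleset_json)["nftables"]:
        rule = obj.get("rule")
        if not rule:
            continue
        for expr in rule.get("expr", []):
            dup = expr.get("dup")
            if dup and "addr" in dup:
                yield rule["handle"], dup["addr"], dup.get("dev")


def audit_dup_targets(ruleset_json, ip_addr_json):
    """Return {target_addr: True if on a connected subnet, else False}.

    When the dup names a device, only that device's subnets count;
    otherwise any directly connected subnet qualifies."""
    nets = connected_networks(ip_addr_json)
    result = {}
    for _handle, addr, dev in dup_statements(ruleset_json):
        target = ipaddress.ip_address(addr)
        if dev:
            candidates = nets.get(dev, [])
        else:
            candidates = [n for lst in nets.values() for n in lst]
        result[addr] = any(target in n for n in candidates)
    return result


if __name__ == "__main__":
    for addr, on_link in audit_dup_targets(SAMPLE_RULESET, SAMPLE_IP_ADDR).items():
        state = "on-link" if on_link else "NOT on-link: clones will not arrive"
        print(f"dup to {addr}: {state}")
```

On a real host you would feed it the output of `nft -j list ruleset` and `ip -j addr show` instead of the samples; any target reported as not on-link needs either a collector on the local segment or a tunnel interface that makes the remote peer look on-link.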
