Mikhail Morfikov <mmorfikov@xxxxxxxxx> wrote:
> > Check out iptables-translate tool, it can help if you are familiar with
> > iptables.
> This tool isn't really accurate. I mean, when I passed my rules to it,
> especially the one in question or similar, I got this:
>
> # -t raw -A peerblock -p tcp -m multiport --dports 80,443 -m set --match-set some_set dst -j DROP

Older version. 1.8.2 one translates it (minus -m set part).
But I agree, it's better to do it by hand as that gives more opportunities
to use nft set/map infra.
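
A hand-written nftables version of the quoted rule, as an added example that is not part of the original thread. The chain and set names come from the quoted rule; the ip family, the set type, the sample elements and the two base chains that jump to peerblock are assumptions.

```nft
# Load with: nft -f <file>
table ip raw {
    # Native nft set standing in for the ipset "some_set".
    # Assumption: it holds IPv4 addresses and prefixes, hence "flags interval".
    set some_set {
        type ipv4_addr
        flags interval
        # Constructed sample elements from documentation ranges.
        elements = { 192.0.2.0/24, 198.51.100.7 }
    }

    chain peerblock {
        # -m multiport --dports 80,443 becomes an anonymous set;
        # -m set --match-set some_set dst becomes a lookup in the named set.
        tcp dport { 80, 443 } ip daddr @some_set drop
    }

    # Assumption: peerblock is reached from both hooks the iptables raw
    # table offers. Priority -300 matches the iptables raw table.
    chain prerouting {
        type filter hook prerouting priority -300; policy accept;
        jump peerblock
    }

    chain output {
        type filter hook output priority -300; policy accept;
        jump peerblock
    }
}
```

Entries can then be changed at runtime without reloading the rule, for example with `nft add element ip raw some_set { 203.0.113.0/24 }`.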