Hello,
Currently I am using the following iptables rules to prevent forwarded
packets from being conntracked, while conntracking matching packets
only. Can you please help me to translate them to nftables?
# Do not use conntrack for forwarded packets:
*raw
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m addrtype --src-type LOCAL -j ACCEPT
-A PREROUTING -m addrtype --dst-type LOCAL -j ACCEPT
-A PREROUTING -j CT --notrack
COMMIT
I've used iptables-restore-translate and it gave me the following:
# Translated by iptables-restore-translate v1.8.2 on Fri Jul 12 14:02:41 2019
add table ip raw
add chain ip raw PREROUTING { type filter hook prerouting priority -300; policy accept; }
add rule ip raw PREROUTING fib saddr type local counter accept
add rule ip raw PREROUTING fib daddr type local counter accept
# -t raw -A PREROUTING -j CT --notrack
# Completed on Fri Jul 12 14:02:41 2019
Which suggests that the "-j CT --notrack" line was not translated
correctly. What is the correct syntax for this?
Thanks!
--
S pozdravem
Best regards
Tomáš Mudruňka - SPOJE.NET s.r.o.
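
The translated ruleset from the message above, completed with the nftables `notrack` statement in place of the untranslated `-j CT --notrack` line. This is an added example, not part of the original message; the table and chain names are the ones from the translator output, and the file layout is an assumption.

```nftables
# Added example: nftables equivalent of the iptables raw table above.
# Load with: nft -f <this file>
table ip raw {
    chain PREROUTING {
        # Priority -300 runs before connection tracking (priority -200),
        # which is required for notrack to take effect.
        type filter hook prerouting priority -300; policy accept;

        # Traffic from or to a local address stays tracked.
        fib saddr type local counter accept
        fib daddr type local counter accept

        # Everything else is forwarded traffic: skip conntrack.
        counter notrack
    }
}
```

Packets that hit `notrack` show up as `ct state untracked` in later chains, so any forward rules that rely on `ct state established,related` will not match them and need an explicit rule for the forwarded traffic.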