Dear all,
since I've updated to Debian Buster I've noticed a significant increase
when applying around 1000 iptables rules on my corporate fw. Guess it's
time to change to nft ...
I used the iptables-restore-translate tool and ran the result using nft
with the -f option, which works with no errors.
However, I'd like to use nft on the shell and there are a few commands
which do not apply.
Does anybody know why?
Again, those command templates are the result of
iptables-restore-translate.
# nft add table ip nat
# nft add chain ip nat PREROUTING { type nat hook prerouting priority -100\; policy accept\; }
nft: invalid option -- '1'
# nft add chain ip nat OUTPUT { type nat hook output priority -100\; policy accept\; }
nft: invalid option -- '1'
# nft add table ip raw
# nft add chain ip raw PREROUTING { type filter hook prerouting priority -300\; policy accept\; }
# nft: invalid option -- '3'
# nft add chain ip raw OUTPUT { type filter hook output priority -300\; policy accept\; }
nft: invalid option -- '3'
Any help would be great, thx Matt