Hi, I think the nat statements in the documentation can mislead the usage. NAT STATEMENTS section in the documentation is like this, snat to address [:port] [PRF_FLAGS] snat to address - address [:port - port] [PRF_FLAGS] snat to { ip | ip6 } address - address [:port - port] [PR_FLAGS] dnat to address [:port] [PRF_FLAGS] dnat to address [:port - port] [PR_FLAGS] dnat to { ip | ip6 } address [:port - port] [PR_FLAGS] masquerade to [:port] [PRF_FLAGS] masquerade to [:port - port] [PRF_FLAGS] redirect to [:port] [PRF_FLAGS] redirect to [:port - port] [PRF_FLAGS] It can misunderstand that you must append "to" string to use the snat, dnat, masquerade and redirect statements, even though it may not be used. e.g., % nft add rule nat postrouting masquerade % nft add rule nat prerouting redirect I think the document should be revised. What do you think?