Marek Greško <mgresko8@xxxxxxxxx> wrote: > please is it a bug the rules did not work in the raw table or was it > my configuration error? Config error. > How is it possible that using iptables-nft the rules are added to the > raw table and it is working? iptables-nft and fntables are not the same. -j CT works with 'connection tracking templates', but the nft equivalent sets the helper directly. So, for iptables (and iptables-nft), the rule needs to be executed before conntrack lookup. With nft it has to be done after conntrack lookup.
