Hello
I'm migrating from iptables to nftables my servers and I have rules in
the raw table, when reading the nftables wiki I understood that they
should be placed in the netdev table, but I didn't fully understand
how to transcribe hexadecimal string rules in nftables, when searching
the wiki, I couldn't quite understand.
Example of one of the rules I need to carry
iptables -t raw -A PREROUTING -p tcp -m tcp --dport 53 -m string
--hex-string "| 0000ff0001 |" --something bm -j DROP
The rule would be something like
add table netdev filter chain ingress {type filter hook ingress
priority 0; policy accept} '
'add rule netdev ingress udp --dport 53 metadata "| 0000ff0001 |" drop '
I tried to use the iptables-translate command and it was not possible
to translate to nft format
iptables-translate -t raw -A PREROUTING -p tcp -m tcp --dport 53 -m
string --hex-string "|0000ff0001|" --algo bm -j DROP
nft # -t raw -A PREROUTING -p tcp -m tcp --dport 53 -m string
--hex-string |0000ff0001| --algo bm -j DROP
Does anyone happen to use this type of resource in nft or could you
guide me how to proceed?
Best Regards
