Am 05.10.20 um 07:46 schrieb Emilio Augusto Lazo Zaia: > Thanks. But I'm using recent match. I can't switch to nftables if recent match is not supported yet... you don't get it - iptables-nft supports xt_recent, connlimit, ipset and so on with a 100% compatible CLI syntax iptables-nft !== nftables iptables-nft === iptables with nftables *backend* > On 3/10/20 8:58 a. m., Reindl Harald wrote: >> >> Am 03.10.20 um 07:40 schrieb Emilio Augusto Lazo Zaia: >>> When is supposed to be dropped the iptables support in Linux kernel in favor of nft? Currently I'm using iptables in many servers! >> in 99% of all cases with a recent distribution you can just switch to >> iptables-nft and are done >> >> at boot (it can restore iptables-legacy rules): >> /usr/sbin/iptables-nft-restore /etc/sysconfig/iptables >> >> after that: >> alternatives --config iptables >> alternatives --config arptables >> alternatives --config ebtables >> >> switch to nft backend and now your well known "iptables" commands will >> use the "nft" backend behind the scenes >> >> done that months ago on all Fedora 31 servers here while iptables-nft is >> the default starting with Fedora 32
