Dear NFTables community, We are trying to migrate from firewalld to nftables in our planned upgrade from CentOS 7 to 8. We run keepalived on some of our servers and we need to migrate the firewall rule that allows vrrp in and out traffic to nftables format. I googled the topic, searched nftables documentations, and tested a number of possibilities but could not find the solution. the firewalld rules for vrrp is: firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT firewall-cmd --direct --permanent --add-rule ipv4 filter OUTPUT 0 --out-interface ens192 --destination 224.0.0.18 --protocol vrrp -j ACCEPT which are similar to ipables commands: # iptables -I INPUT -i ens192 -d 224.0.0.0/8 -p vrrp -j ACCEPT # iptables -I OUTPUT -o ens192 -d 224.0.0.0/8 -p vrrp -j ACCEPT Could you please kindly advise what is the equivalent in nftable command or rule formate? Thank you very much. Regards, Lihua Wang Linux admin @ CUNY Graduate Center
