-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, On Wed, 2021-01-20 at 21:26 +0000, kfm@xxxxxxxxxxxxx wrote: > On 20/01/2021 10:41, Nikolai Lusan wrote: > > Hi all, > > > > I am in the process of migrating from iptables+ipsets to nftables. > > Is > > there an easy way to migrate exisiting ipsets to nftables sets. > > > > > > Assuming that you are alluding to the prospect of having a utility that > can act as a stand-in for ipset(8) then, to the best of my knowledge, > the answer is no. At least, not yet. > > That said, if you were to go into more detail regarding the aspects of > migration that you are having difficulty with in the absence of tooling, > it should be possible to provide some guidance. Basically I have a handfull of custom sets, the small ones are easy enough to transition in nft - and they remain fairly static - the larger ones (some contain networks, some IPv4/6 hashes) are cumbersome at best to re-create ... currently I have been using ipset-save to put all the sets into a file which is used to rebuild the sets when needed, or on reboot. Some of the larger sets have thousands of IP addresses in them, so sticking them in the standard nftables.conf file is unsightly and unreadable at best. Thanks - -- Nikolai Lusan <nikolai@xxxxxxxxxxx> -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAmAJVNoACgkQ4ZaDRV2V L6TdLQ/+JGk3aJPF05g9EruLg8zvdod2Y15r26JnU4PR/irx03AL0Fm/dxrmQX33 NAYlbBAXmeUAoy72KI2whkCLjLb95coET26dMiLKV2Oal+XpCzl3OMtI08Bx+bxm LNOm1CcnxJ0LqNr2Uhw1ilfTbkLwD7i2s3r2wnXKYy1TTqB5In7eQZ7XKGKACpQV qj8lHe6eNEX93SxEYvagAUzELePT7eRCWT7GigCJW3CdkztVVm7+b4cSI5BELvau ZervzYjcHhJKRR6zZS6lkVjOrj/ImKRhZxpg4BBJHDVBmkoEV1b4ezc5ZL21KjkG bguYeECc0EgwQkbgS3FCVinLiFZfdVqlIg3/7RcBXmqCTDqLpbVMdKs/kJV+vBJE D5k8urMcWBDKGU9hdxtQNbKDXYDiIZhXBaV2Dh0nXie1C9cGwrz89z+OIHd3xhWU NUUs7Z0H/+NefdoYVNvv2vwdnDnRhIrISB8FyL7WEL1lyVogttKCWf+nPcDy8XxS i7zF77Z845zBYx4O4JrnGDrZJCeRpiV6XwsEoJGwlk6RNsFtOtS1hgBrfMwADd/k WQ/J4Nh1D9BdxmWksPTY7YgMgZfWNgAebB8PxnYJFSlKc08v6Smj7xYp14sJb1Pp P+3L8aSfDS6v7RHCZTt8YLRSI9nzSNV7UySHQ24KASmG0pphXlA= =L6+H -----END PGP SIGNATURE-----