I found one of the best ways to understand what's happening is to use tracing (https://wiki.nftables.org/wiki-nftables/index.php/Ruleset_debug/tracing). You can see the traffic move through the chains and rules and get a better understanding of how your matching is or isn't working. I often just set it on my input chain, or on another chain where I want to focus; you don't have to use a pre-routing chain unless you need to catch the traffic earlier.

-----Original Message-----
From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
Sent: Thursday, December 22, 2022 1:35 PM
To: Lars Noodén <lars.nooden@xxxxxxx>; netfilter@xxxxxxxxxxxxxxx
Subject: Re: nftables tutorial for dummies?

On 12/22/22 01:13, Lars Noodén wrote:
> On 21.12.2022 1.45, ToddAndMargo wrote:
>> Hi All,
>>
>> Anyone have a favorite nftables tutorial for dummies?
>>
>> I am familiar with iptables, if that helps.
>>
>> This looks a bit complicated:
>>
>> https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
>>
>> Many thanks,
>> -T
>
> Did you see the "Quick reference-nftables in 10 minutes" link found
> near the bottom of the page you link to above? It's really worth a look:
>
> https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes

I did not see that. Me thinks I will be using the heck out of it when I get the hang of it.

>
> NFTables is different from IPTables, but for me it is different in
> ways which make it easier to use despite having spent a longer time
> using IPTables. YMMV.

My two big fears are:

1) if I do not manage to download enough of the reference guides/tutorial in advance, that I will be going back and forth with a live USB researching things.

2) It looks like I will have to learn the syntax of a new language. (I am familiar with several of them. Currently, I write a lot in Raku [Perl 6].)

Thank you for the help!

> /Lars
>
> PS. Thank you in advance for not top-posting.

You are welcome!
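
The tracing approach described in the reply at the top of this thread, shown as an added example that is not part of the original messages: a stand-alone ruleset that flags one narrow flow on the input hook so `nft monitor trace` reports every rule that flow touches. The table name `trace_demo`, the priority -10, the source address 192.0.2.10 and port 22 are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example ruleset (not from the thread).
# Load:    nft -f trace_demo.nft
# Watch:   nft monitor trace        (run in a second terminal)
# Remove:  nft delete table inet trace_demo

# Declare-then-delete idiom: makes the file safe to reload without
# appending duplicate rules to an existing copy of the table.
table inet trace_demo
delete table inet trace_demo

table inet trace_demo {
    chain input {
        # Input hook, as in the reply; no prerouting chain is needed when
        # only locally delivered traffic is of interest. Priority -10
        # (assumption) runs this chain before a filter chain at priority 0.
        # Policy and all verdicts are "accept", so this table observes
        # traffic without changing what the existing ruleset decides.
        type filter hook input priority -10; policy accept;

        # Flag only the flow under study. Tracing everything floods the
        # monitor on a busy host. 192.0.2.10 is a documentation address.
        ip saddr 192.0.2.10 tcp dport 22 meta nftrace set 1

        # Ordinary rules placed after the flag: the trace lists each rule
        # the flagged packet matches and the verdict that ends the chain.
        ct state established,related counter accept
        iif "lo" accept
        tcp dport 22 ct state new counter accept
    }
}
```

The nftrace flag is carried by the packet, so once it is set here the trace continues into any later base chain on the same hook, which is how the evaluation order of an existing input chain can be observed without editing it.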