I would be willing to create / contribute to "dummies" documentation if we had a place to host it. Unless the wiki has been updated in the past year, I feel it could use more detailed instructions for common scenarios. I admit when first getting started with nftables it was a little time consuming trying to figure out rules for things I wanted to do. Even with experience using iptables. A little more hand holding could be helpful for newcomers and people making the transition. If there was a direct comparison between iptables rules and nftables rules in the help the transition process would be faster and smoother IMO. Of course, there are many scenarios and applications but we could start off with the basics and build from there. I'm by no means an expert (more like a beginner) but I have migrated from iptables to nftables in production using maps, prerouting and postrouting chains. I'm just looking to provide help in my spare time. Thanks in advance. On Fri, Dec 23, 2022 at 10:05 PM ToddAndMargo <ToddAndMargo@xxxxxxxx> wrote: > > On 12/23/22 09:02, Atkins, Brian wrote: > > I found one of the best ways to understand what's happening is to use tracing (https://wiki.nftables.org/wiki-nftables/index.php/Ruleset_debug/tracing) . You can see the traffic move through the chains and rules and get a better understanding of how your matching is or isn't working. I often just set it on my input chain, or on another chain where I want to focus; you don't have to use a pre-routing chain unless you need to catch the traffic earlier. > > Thank you! >
