On Sat, 04 Mar 2023 07:46:10 +0000 gaaimen1997 <gaaimen1997@xxxxxxxxxxxxxx> wrote: > Hi, > I am translating iptables and ip6tables rules to nftables rules to set up my portable router. However, the following commands did not translate correctly when I used iptables-translate (ip6tables-translate) > > iptables -t mangle -A POSTROUTING -o eth0 -j TTL --ttl-inc 1 > ip6tables -t mangle -A POSTROUTING -o eth0 -j HL --hl-inc 1 > > iptables -t mangle -I POSTROUTING -m physdev --physdev-out usb0 -j TTL --ttl-inc 1 > ip6tables -t mangle -I POSTROUTING -m physdev --physdev-out usb0 -j HL --hl-inc 1 > > For the ttl and hl modules, I tried "ip ttl set 88" and "ip6 hoplimit set 99" on my own, and they worked fine. However, I am unable to increase or decrease ttl (or hoplimit) as --ttl-inc or --ttl-dec. As far as I am aware, there is no equivalent feature implemented by nftables, though it is possible to match a specific TTL value and set a specific TTL value in turn. Here is a previous thread in which the matter was raised: https://marc.info/?l=netfilter&m=158000104630533&w=2. -- Kerin Millar
