The Geek Diary

How To Migrate Existing Iptables rules to Nftables In CentOS/RHEL 8

by admin

In CentOS/RHEL 8, the default iptables network packet filtering framework has been replaced with the nftables framework. As the designated successor to iptables, ip6tables, arptables, and ebtables, the nftables framework includes packet classification facilities and several improvements, which provide added convenience and improved performance over the previously used packet-filtering tools.

In this post we will discuss how to migrate existing iptables rules to nftables in CentOS/RHEL 7.

Display Existing iptables rules in CentOS/RHEL 6,7

To display the existing rules on a CentOS/RHEL 6 or 7 server:

# iptables -L

DROP       udp  --  anywhere             anywhere             multiport dports epmap,microsoft-ds
DROP       udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535
DROP       tcp  --  anywhere             anywhere             multiport dports epmap,netbios-ssn,microsoft-ds

Steps

1. To save the existing rules to a file, run the command below:

# iptables-save > rules.iptables

2. Move the file from step 1 to the CentOS/RHEL 8 server via scp or ftp. You can also use the vi editor to copy the content from the CentOS/RHEL 6 or 7 machine.

3. Run the command below on CentOS/RHEL 8 to generate the nft rules file from the iptables rules file.

# iptables-restore-translate -f rules.iptables > rules.nft

4. Load the rules on the CentOS/RHEL 8 machine. Make sure the nftables service is running on the system.

# nft -f rules.nft     ### load the rule via nft to nftables.

5. To display the rules on the CentOS/RHEL 8 server:

# nft list ruleset

You can see that the rules have been migrated from the CentOS/RHEL 6 or 7 server to the CentOS/RHEL 8 server, and you can now test them as well.
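Between steps 3 and 4 it is worth confirming that no rule was silently lost in translation, because a rule that did not translate is not enforced on the new host. The script below is an added example, not part of the original post: it compares rules.iptables with rules.nft using hypothetical helper functions. It assumes that rules the translator cannot convert are written to the output as comment lines starting with "# -", and that each translated rule is one "add rule" line. The sample files it builds are constructed, not real tool output.

```shell
#!/bin/sh
# Heuristic pre-load check for an iptables-restore-translate result.
# Assumption: rules the translator cannot convert are emitted as comment
# lines starting with "# -" (the original iptables arguments).

count_ipt_rules()    { grep -c '^-A ' "$1" || true; }        # rules in the iptables-save dump
count_nft_rules()    { grep -c '^add rule ' "$1" || true; }  # rules in the translated file
untranslated_rules() { grep '^# -' "$1" || true; }           # rules left as comments

# Return 0 only when every iptables rule has an nft counterpart.
check_translation() {
    skipped=$(untranslated_rules "$2")
    if [ -n "$skipped" ]; then
        printf 'not translated, will NOT be enforced:\n%s\n' "$skipped" >&2
        return 1
    fi
    ipt_n=$(count_ipt_rules "$1"); nft_n=$(count_nft_rules "$2")
    if [ "$ipt_n" -ne "$nft_n" ]; then
        echo "rule count mismatch: iptables=$ipt_n nft=$nft_n" >&2
        return 1
    fi
}

# Constructed sample files (not real output) so the check can be tried offline.
make_samples() {
    cat > "$1/rules.iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 137:139 -j DROP
-A INPUT -p tcp -m multiport --dports 135,139,445 -j DROP
COMMIT
EOF
    cat > "$1/good.nft" <<'EOF'
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy accept; }
add rule ip filter INPUT udp dport 137-139 counter drop
add rule ip filter INPUT tcp dport { 135,139,445 } counter drop
EOF
    # Simulate the translator leaving the tcp rule as a comment.
    sed 's/^add rule .*tcp dport.*/# -t filter -A INPUT -p tcp -m multiport --dports 135,139,445 -j DROP/' \
        "$1/good.nft" > "$1/partial.nft"
}

# Usage: sh check.sh rules.iptables rules.nft   (then: nft -c -f rules.nft)
if [ "$#" -eq 2 ]; then check_translation "$1" "$2"; fi
```

If the check passes, `nft -c -f rules.nft` parses the file without applying it, so syntax errors show up before step 4 changes the live ruleset.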

Filed Under: CentOS/RHEL 6, CentOS/RHEL 7, CentOS/RHEL 8, Linux
