
The Geek Diary

How To Migrate Existing Iptables rules to Nftables In CentOS/RHEL 8

By admin

In CentOS/RHEL 8, the default iptables network packet filtering framework has been replaced with the nftables framework. As the designated successor to iptables, ip6tables, arptables, and ebtables, the nftables framework includes packet classification facilities and several improvements, which provide added convenience and improved performance over the previously used packet-filtering tools.

In this post we will discuss how to migrate existing iptables rules from a CentOS/RHEL 6 or 7 server to nftables on CentOS/RHEL 8.

Display Existing iptables Rules in CentOS/RHEL 6, 7

To display the existing rules on a CentOS/RHEL 6 or 7 server:

# iptables -L
DROP       udp  --  anywhere             anywhere             multiport dports epmap,microsoft-ds
DROP       udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere             udp spt:netbios-ns dpts:1024:65535
DROP       tcp  --  anywhere             anywhere             multiport dports epmap,netbios-ssn,microsoft-ds

Steps

1. To save the existing rules to a file, run the command below:

# iptables-save > rules.iptables

2. Move the file from step 1 to the CentOS/RHEL 8 server via scp or ftp. You can also use the vi editor to copy the content from the CentOS/RHEL 6 or 7 machine.

3. Run the command below on CentOS/RHEL 8 to generate the nft rules file from the iptables rules file.

# iptables-restore-translate -f rules.iptables > rules.nft

4. Load the rules on the CentOS/RHEL 8 machine. Make sure the nftables service is running on the system.

# nft -f rules.nft     ### load the rules into nftables via nft

5. To display the rules on the CentOS/RHEL 8 server:

# nft list ruleset

You can see that the rules have now been migrated from the CentOS/RHEL 6 or 7 server to the CentOS/RHEL 8 server, and you can test them as well.
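A firewall migration that silently loses a DROP rule leaves the new host more exposed than the old one, so it is worth gating steps 3 and 4 on a check of the translated file. The script below is an added example, not part of the original article: the function names, the sample text and the `examplematch` module are hypothetical, and it assumes that a rule the translator cannot convert is left in rules.nft as a comment line that still carries the original `-A`/`-I` rule.

```shell
#!/bin/sh
# Added example (not from the original article).

# Print rules the translator left as comments instead of nft statements.
# Assumption: such lines are comments that still contain "-A <chain>" or "-I <chain>".
untranslated_rules() {
    grep -E '^#.* -[AI] [A-Za-z0-9_-]+ ' "$1"
}

# Steps 3 and 4 from the article, refusing to load an incomplete ruleset.
translate_and_load() {
    src=$1
    dst=$2
    iptables-restore-translate -f "$src" > "$dst" || return 1
    if untranslated_rules "$dst" > /dev/null; then
        echo "untranslated rules in $dst, convert them by hand first:" >&2
        untranslated_rules "$dst" >&2
        return 2
    fi
    nft -c -f "$dst" || return 3   # -c: parse and validate only, nothing is loaded
    nft -f "$dst"
}

# Constructed sample of translator output (not captured from a real host).
sample_translation() {
cat <<'EOF'
# Translated by iptables-restore-translate (constructed sample)
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy accept; }
add rule ip filter INPUT udp dport 137-139 counter drop
# -t filter -A INPUT -p udp -m examplematch --opt 1 -j DROP
# Completed (constructed sample)
EOF
}

# Demo on the constructed sample: prints the one rule that was not translated.
demo=$(mktemp)
sample_translation > "$demo"
untranslated_rules "$demo" || true
rm -f "$demo"
```

On a real host, call `translate_and_load rules.iptables rules.nft` as root, then compare `nft list ruleset` against the `iptables -L` output saved from the old server.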

© 2021 · The Geek Diary