From: Ian Kelling Date: Sat, 27 Apr 2024 19:47:37 +0000 (-0400) Subject: nftables notes X-Git-Url: https://iankelling.org/git/?a=commitdiff_plain;h=f7766c0952ce2c5db6d639b03113c070501352d7;p=work-notes nftables notes --- diff --git a/work.org b/work.org index 8e10b3c..abea832 100644 --- a/work.org +++ b/work.org @@ -1140,3 +1140,14 @@ EOF wget -m ftp://lists.gnu.org/info-gnu cd lists.gnu.org/info-gnu sed -rn '/^From: /{s/.*@([^> ]*).*/\1/' * | sort -u | while -read -r l; do host -t txt _dmarc.$l; done + +* nftables + +New librecmc uses this. + +iptables-nft command uses the newer nftables kernel API but reuses the +legacy packet-matching code + +iptables -S = nft list ruleset + +iptables-translate does translation of iptables arguments (but not -S).
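Review bot: In the added "* nftables" section, the line "iptables -S = nft list ruleset" reads as an exact equivalence, but the two are only analogous. Without -t, iptables -S prints only the filter table, and in iptables syntax, while nft list ruleset prints every table in nft syntax. Anyone auditing a host from this note could miss nat or mangle rules. Suggest rewording it along the lines of "iptables -S (per table, via -t) is roughly nft list ruleset (all tables)". The "New librecmc uses this." line would also be easier to rely on later if it named the release where the switch happened.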