Oracle Linux 8: How To Migrate Existing Iptables Rules to Nftables In OL8 (Doc ID 2570019.1)
APPLIES TO:
Linux OS - Version Oracle Linux 8.0 and later
Linux x86-64
GOAL
In Oracle Linux 8, the default iptables network packet-filtering framework has been replaced with the nftables framework. As the designated successor to iptables, ip6tables, arptables, and ebtables, the nftables framework includes packet classification facilities and several improvements, which provide added convenience and improved performance over the previously used packet-filtering tools.
How To Migrate Existing Iptables rules to Nftables In OL8
SOLUTION
To display the existing rules on the OL6 or OL7 server:
# iptables -L
DROP udp -- anywhere anywhere multiport dports epmap,microsoft-ds
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
DROP tcp -- anywhere anywhere multiport dports epmap,netbios-ssn,microsoft-ds
1. To save the existing rules to a file, run the command below:
# iptables-save > rules.iptables
2. Copy the file from step 1 to the OL8 server via scp or ftp. You can also use the vi editor to copy the content over from the OL6 or OL7 machine.
3. Run the command below on OL8 to generate the nft rules file from the iptables rules file:
# iptables-restore-translate -f rules.iptables > rules.nft
4. Load the rules on the OL8 machine; make sure the nftables service is running on the system first.
# nft -f rules.nft --- loads the rules into nftables via nft.
5. To display the rules on the OL8 server:
# nft list ruleset
You can see that the rules have now been migrated from the OL6 or OL7 server to the OL8 server, and you can test them as well.
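The five steps above collected into one checked script. This is an added example, not part of the Oracle document: it assumes the rules live in the INPUT chain, takes the file names rules.iptables and rules.nft from the steps above, and embeds a constructed iptables-save dump that mirrors the four DROP rules listed at the top of the solution (service names resolved to port numbers). It adds two checks the manual steps do not have: a dry-run parse with `nft -c -f` before anything is loaded, and a comparison of the rule count before and after translation so that a rule the translator could not convert is noticed before the ruleset goes live.

```shell
#!/bin/bash
# Added example (not from the Oracle document). Assumptions: rules are in the
# INPUT chain; file names rules.iptables / rules.nft come from the document;
# the sample iptables-save dump below is constructed to mirror the page's rules.
set -eu

# Constructed sample of what "iptables-save" (step 1) produces for the rules
# shown on the page (epmap=135, microsoft-ds=445, netbios-ns=137,
# netbios-ssn=139). Written to the file named in "$1".
write_sample_dump() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m multiport --dports 135,445 -j DROP
-A INPUT -p udp -m udp --dport 137:139 -j DROP
-A INPUT -p udp -m udp --sport 137 --dport 1024:65535 -j DROP
-A INPUT -p tcp -m multiport --dports 135,139,445 -j DROP
COMMIT
EOF
}

# Number of rules in an iptables-save dump: every rule is an "-A <chain> ..." line.
count_iptables_rules() {
  grep -c '^-A ' "$1" || true
}

# Number of rules in a translated nft script: each rule becomes an "add rule ..." line.
count_nft_rules() {
  grep -c '^add rule ' "$1" || true
}

# Step 3: translate the saved iptables rules into an nft script file.
translate_rules() {
  iptables-restore-translate -f "$1" > "$2"
}

# Before step 4: "nft -c" parses and validates the file without touching the
# live ruleset, so a syntax error surfaces before anything is loaded.
check_rules() {
  nft -c -f "$1"
}

# Step 4: refuse to load unless the nftables service is running, as the document requires.
load_rules() {
  if ! systemctl is-active --quiet nftables; then
    echo "nftables service is not running; start it with: systemctl start nftables" >&2
    return 1
  fi
  nft -f "$1"
}

# Steps 3 to 5 with checks. The rule count must be the same before and after
# translation; a mismatch means a rule did not translate one-to-one and the
# generated file needs manual review before it is loaded.
migrate() {
  ipt_file=$1
  nft_file=$2
  n_ipt=$(count_iptables_rules "$ipt_file")
  translate_rules "$ipt_file" "$nft_file"
  n_nft=$(count_nft_rules "$nft_file")
  if [ "$n_ipt" -ne "$n_nft" ]; then
    echo "rule count mismatch: $n_ipt iptables rules, $n_nft nft rules; review $nft_file" >&2
    return 1
  fi
  check_rules "$nft_file"
  load_rules "$nft_file"
  nft list ruleset        # step 5: show the migrated rules
}

# Usage on the OL8 server, after copying rules.iptables there (step 2):
#   ./migrate.sh rules.iptables rules.nft
# With fewer than two arguments only the functions are defined, so the file
# can be sourced and its helpers used on their own.
if [ "$#" -ge 2 ]; then
  migrate "$1" "$2"
fi
```

Run it as root on the OL8 server; it stops at the first failing step (translator error, count mismatch, parse error, or inactive nftables service) and only then prints the live ruleset, which is the same output as the manual `nft list ruleset` in step 5.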