Migrate existing Iptables to Nftables in RHEL8/CentOS8:

What is nftables?

nftables is the next (current) generation of NetFilter based firewall solutions, replacing iptables and providing backward compatible tools with iptables syntax.If all you used before is iptables, you can continue using familiar commands – but in CentOS 8 this means that on the firewall level there’s no longer iptables running, all the functionality is provided by NFT.

Let's walk through how to convert iptables to nftables from any RHEL 6 or 7 Linux servers to RHEL 8-based operating systems . The ability to migrate iptables to nftables saves a lot of time and effort in rewriting complicated iptables rules.

Currently, we are running on RHEL 7, The requirement is to migrate our running production from RHEL 7 to 8. In this case, we need more flexibility during the whole migration process. To make the migration smoother RHEL 8 and variants comes with “iptables-restore-translate” command which helps to migrate the existing iptables rules to nftables.

Export IPtables to a file:

First of all, we need to save all our iptables rules by redirecting to a file in any name and extension. This is simple as we do in our usual daily activities.

# iptables-save > iptables_rules.txt

Verify the Existing Rules:

To verify the saved rules just do a cat and go through the rules. Make sure to confirm whether all the rules are saved.

# cat iptables_rules.txt

It’s confirmed we have only a few rules as shown below. Once the rules are saved, copy the file “iptables_rules.txt” to the destination server running on RHEL 8 based operating system.

Convert the Iptables to nftables:

On the RHEL 8 based operating system, Start to convert the iptables rules by running translate command by specifying the copied iptables file and redirect the output to save as nft rules.

# iptables-restore-translate -f iptables_rules.txt > nft_ruleset.nft

it will convert iptables rules to nftables.

Load and Import the rules:

Load the rules using -f option by specifying the converted “nft_ruleset.nft” rules file.

# nft -f nft_ruleset.nft

Once run with the above command we are done with import the rules into nft Table.

List and verify the nftables:

Finally, list and verify the imported rules.

# nft list ruleset

While listing, We will the converted list. That’s it we have successfully migrated our existing iptables rules to nftables without spending time on writing any nftable rules

Conclusion

Migrate iptables to nftables: Availability of convert tool made life easier with few steps.