How to migrate iptables rules to nftables

Convert existing iptables rules to nftables syntax using iptables-translate and nft commands.

Prerequisites

  • A Linux system with both iptables and nftables installed.
  • Existing iptables rules to migrate.

Step-by-Step: Migrate iptables Rules to nftables

  1. Use iptables-translate to convert individual rules. It takes the same arguments you would pass to iptables and prints the equivalent nft command (the second line below) instead of applying the rule:

    iptables-translate -A INPUT -p tcp --dport 22 -j ACCEPT
    nft add rule ip filter INPUT tcp dport 22 counter accept
  2. Translate the entire ruleset at once with iptables-save and iptables-restore-translate:

    sudo iptables-save | sudo iptables-restore-translate -f /dev/stdin > nftables-rules.nft
  3. Review the translated rules, then import them into nftables:

    sudo nft -f nftables-rules.nft
  4. Verify the nftables ruleset:

    sudo nft list ruleset
  5. Disable the iptables service and enable nftables:

    sudo systemctl disable iptables
    sudo systemctl enable nftables
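The review in step 3 is the point where a migration usually goes wrong: iptables-restore-translate leaves rules it cannot convert in the output as comments rather than failing. The script below is an added example (not part of the original article) that refuses to load a translated file while such lines remain and otherwise runs nft's dry-run check. It assumes the untranslated lines take the form "# -A ..." (or "nft # -A ..."); the sample ruleset is constructed, and its "# -A ... osf" line stands in for any rule the translator echoed back unconverted.

```shell
#!/bin/sh
# Validate a ruleset written by iptables-restore-translate before "nft -f".

# Constructed sample of a translated ruleset. The "# -A ..." line is a
# placeholder for a rule the translator could not convert.
SAMPLE_RULESET='# Translated by iptables-restore-translate (constructed sample)
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add rule ip filter INPUT ct state established,related counter accept
add rule ip filter INPUT tcp dport 22 counter accept
# -A INPUT -m osf --genre Linux -j ACCEPT
add rule ip filter INPUT counter drop'

write_sample() {
    # Write the constructed sample ruleset to the given path.
    printf '%s\n' "$SAMPLE_RULESET" > "$1"
}

untranslated_count() {
    # Count rules left behind as iptables comments; prints 0 when none.
    grep -cE '^(nft )?# -A ' "$1" || true
}

check_ruleset() {
    # Refuse to load a file that still contains untranslated rules, then
    # ask nft for a dry run (-c) so a syntax error never half-applies.
    file=$1
    n=$(untranslated_count "$file")
    if [ "$n" -ne 0 ]; then
        echo "$file: $n untranslated rule(s); rewrite them by hand:" >&2
        grep -nE '^(nft )?# -A ' "$file" >&2
        return 1
    fi
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$file"
    else
        echo "nft not found, skipping dry run" >&2
    fi
}

# Usage: check_ruleset nftables-rules.nft && sudo nft -f nftables-rules.nft
```

The dry run needs the same privileges as loading the file, so run check_ruleset under sudo on the real host.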