You can translate and migrate existing iptables rules to
nftables during installation of the GUI on RHEL 9 systems.
Before proceeding with the migration process, you must ensure that the following activities
are completed:
- The nftables and iptables packages are installed.
- iptables and ip6tables rules are configured in the system.
When you install the GUI on RHEL 9 systems, you must install nftables.
However, you can retain the existing iptables rules by translating and
migrating them to nftables.
- To create a backup of the iptables and ip6tables rules, issue the
following commands:
# iptables-save >/root/iptables.dump
# ip6tables-save >/root/ip6tables.dump
- To convert the dump files to nftables, issue the following
commands:
# iptables-restore-translate -f /root/iptables.dump > /etc/nftables/ruleset-migrated-from-iptables.nft
# ip6tables-restore-translate -f /root/ip6tables.dump > /etc/nftables/ruleset-migrated-from-ip6tables.nft
- Edit the /etc/sysconfig/nftables.conf file and add the following lines
to include the migrated files:
include "/etc/nftables/ruleset-migrated-from-iptables.nft"
include "/etc/nftables/ruleset-migrated-from-ip6tables.nft"
- To disable the existing iptables service, if any, issue the following
command:
# systemctl disable --now iptables
- To enable and start the nftables service, issue the following
command:
# systemctl enable --now nftables
- To verify the rules that are migrated, issue the following command:
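A check to run on the two translated files before the nftables service is enabled, given as an added example that is not part of the original procedure. It assumes that rules the translator could not convert are left in the output as comment lines beginning with "# -"; the function names and the sample input are constructed for illustration.

```shell
# Added example: check files written by iptables-restore-translate.

# Print rules the translator left unconverted. Assumption: they appear as
# comments holding the original arguments ("# -t filter -A INPUT ..."),
# while header and footer comments start with a word ("# Translated by").
untranslated_rules() {
    grep -E '^#[[:space:]]+-' "$1"
}

# Number of unconverted rules in a file (0 when there are none).
count_untranslated() {
    untranslated_rules "$1" | wc -l | tr -d '[:space:]'
}

# Return 1 when rules were left untranslated, 2 when nft rejects the file.
# "nft -c" (check mode) parses the file without changing the live ruleset;
# the syntax check is skipped when nft is not installed.
check_migrated() {
    file=$1
    n=$(count_untranslated "$file")
    if [ "$n" -gt 0 ]; then
        echo "$file: $n rule(s) not translated:" >&2
        untranslated_rules "$file" >&2
        return 1
    fi
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$file" || return 2
    fi
    return 0
}

# Constructed sample of translator output; "example_ext" is a made-up
# match extension standing in for one that has no nftables translation.
sample_output() {
    cat <<'EOF'
# Translated by iptables-restore-translate vX.Y.Z on <date>
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add rule ip filter INPUT tcp dport 22 counter accept
# -t filter -A INPUT -m example_ext --example-opt 1 -j DROP
# Completed on <date>
EOF
}

# Usage: pass the migrated .nft files as arguments to this script.
for f in "$@"; do
    check_migrated "$f" || exit 1
done
```

A rule reported here is absent from the nftables ruleset after migration, so it has to be rewritten by hand in nft syntax before the iptables service is disabled.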