List of available translations via iptables-translate tool
The following matches and targets (in alphabetic order) can be fully translated via iptables-translate tool:
Translatable extensions
Matches
xt
- comment
- connmark
- cpu
- devgroup
- dscp
- esp
- helper
- iprange
- length
- limit
- mac
- mark
- pkttype
- state
- tcp
- udp
ip
- ah
- realm
- ttl
ip6
- ah
- frag
- hbh
- hl
- mh
Targets
xt
- NFLOG
- NFQUEUE
- TEE
- TRACE
ip
- DNAT
- MASQUERADE
- REDIRECT
- REJECT
- SNAT
ip6
- DNAT
- MASQUERADE
- REDIRECT
- REJECT
- SNAT
Following matches and targets are yet to be translated:
Untranslatable extensions
Matches
xt
- cgroup
[Waiting for support of cgroup2 path-based in nft]
- connlabel
[Waiting for support of --set]
Patch sent: https://patchwork.ozlabs.org/patch/592462/ (Needs revisit)
- dccp
[Waiting for support of --dccp-option] (partial translations available)
- ecn
[Waiting for support of --ecn-tcp-ece and --ecn-tcp-cwr] (partial translations available)
- ipcomp
[Waiting for support of --compres] (partial translations available)
- multiport
[Waiting for support of --ports] (partial translations available)
- owner
[Waiting for support of --socket-exists] (partial translations available)
- sctp
[Waiting for support of --chunk-types] (partial translations available)
- set
ip
- icmp
[Waiting for support of packet types]
ip6
- icmp6
[Waiting for support of packet types]
- ipv6header
- rt
[Waiting for support of --rt-0-res, --rt-0-addrs, --rt-0-not-strict] (partial translations available)
Targets
xt
- CLASSIFY
[Requires bug fixing]
- MARK
[--set-mark and --set-xmark options are not fully supported] (partial translations available)
If --set-mark is used you must only specify the mark.
If --set-xmark is used you must specify the mark and the mask.
- CONNMARK
[Waiting for support of --save-mark, --restore-mark, --set-mark and --set-xmark] (partial translations available)
If --set-mark is used you must only specify the mark.
If --set-xmark is used you must specify the mark and the mask.
ip
- LOG
[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)
ip6
- LOG
[Waiting for support of log-tcp-sequence, log-tcp-options, log-ip-options, log-uid, log-macdecode] (partial translations available)