Stephan Seitz wrote:
> What would be the replacement for a simple single line like
> iptables -I INPUT -j DROP -s <ip> -p tcp --dport 587 ?

You can use iptables-translate. It is not foolproof and does not always get the best results, but it can give you a good starting point for your optimisations:

    # iptables-translate -A INPUT -s 1.2.3.4 -p tcp --dport 587 -j DROP
    nft add rule ip filter INPUT ip saddr 1.2.3.4 tcp dport 587 counter drop

Thomas
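
The translated rule assumes that the table `ip filter` and the chain `INPUT` already exist in the nftables ruleset. As an added example (not part of the original messages), here is a native ruleset that creates both and goes one step beyond the single-address rule by matching a named set; the set name `smtp_blocked` is an assumption.

```nft
#!/usr/sbin/nft -f
# Constructed example. Table and chain names follow the iptables-translate
# output quoted in the thread; 1.2.3.4 is the sample address used there.

table ip filter {
    # Hypothetical set name. Holding the blocked sources in a set means
    # one rule covers every address, instead of one rule per address.
    set smtp_blocked {
        type ipv4_addr
        flags interval          # allows CIDR ranges as well as single hosts
        elements = { 1.2.3.4 }
    }

    # Base chain: without the hook declaration the chain never sees traffic.
    chain INPUT {
        type filter hook input priority 0; policy accept;

        # Same effect as:
        #   iptables -I INPUT -s <ip> -p tcp --dport 587 -j DROP
        # for every address in the set. The counter shows how often it hits.
        tcp dport 587 ip saddr @smtp_blocked counter drop
    }
}
```

Load it with `nft -f <file>`; further addresses are added at runtime with `nft add element ip filter smtp_blocked { <ip> }`. When translating a single rule instead, `nft insert rule` places it at the head of the chain as `iptables -I` does, whereas `nft add rule` appends like `iptables -A`.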