Tool · Config translator

Move configs across formats.

Best-effort translations between common formats. Pasted input stays in your browser — nothing is sent anywhere. The output is a starting point; review before pasting onto a live host.

INPUT · iptables-save

OUTPUT · nftables

#!/usr/sbin/nft -f
flush ruleset

table inet nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
    }
    chain input {
        type nat hook input priority 100; policy drop;
        iifname "lo" accept
        ct state related,established accept
        meta l4proto tcp tcp dport 22 accept
        meta l4proto tcp tcp dport { 80,443 } accept
        meta l4proto icmp icmp type echo-request limit rate 5/sec accept
        drop
    }
    chain output {
        type nat hook output priority -100; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "eth0" masquerade
    }
}

Next step

Review the output before going live.

Drop the translated config into the AI Hardening Auditor for a sanity check. iptables → nftables is the simple half; the harder half is making sure the result is actually hardened.

Audit the output →Read the comparison