1# old socket match, no options. Matches if sk can be found and it is not bound to 0.0.0.0/:: 2iptables-translate -A INPUT -m socket 3nft 'add rule ip filter INPUT socket wildcard 0 counter' 4 5iptables-translate -A INPUT -m socket --transparent 6nft 'add rule ip filter INPUT socket wildcard 0 socket transparent 1 counter' 7 8# Matches if sk can be found. Doesn't matter as to what addess it is bound to. 9# therefore, emulate "exists". 10iptables-translate -A INPUT -m socket --nowildcard 11nft 'add rule ip filter INPUT socket wildcard le 1 counter' 12 13iptables-translate -A INPUT -m socket --restore-skmark 14nft 'add rule ip filter INPUT socket wildcard 0 meta mark set socket mark counter' 15 16iptables-translate -A INPUT -m socket --transparent --nowildcard --restore-skmark 17nft 'add rule ip filter INPUT socket transparent 1 meta mark set socket mark counter' 18