Unfortunately, the BitNinja iptables ruleset is currently not fully compatible with nf_tables.
What does this mean?
By default, nf_tables can translate some iptables rules into its own format, but there are exceptions. These include timed rules, logical rules, and certain IPset + chain combinations.
This is why you may notice that some BitNinja rules appear in the output of the nft list ruleset command, while the full BitNinja rule set is not shown. Rules that are missing from the active ruleset are not enforced, which can cause issues.
You can verify which iptables version and backend is installed on your server with this command:
iptables -V
The recommended solution at the moment is to manually swap back to iptables-legacy.
On RPM-based operating systems, the legacy package might not be installed by default, so you have to install it manually using one of these commands:
dnf install iptables-legacy
yum install iptables-legacy
After the legacy package is installed, you can select the legacy iptables version with the following command:
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
Once all steps are completed, restart our agent:
service bitninja restart
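The check and the remediation steps above, put together as a small script. This is an added example, not BitNinja's own tooling; it classifies the backend from the `iptables -V` banner (the "(nf_tables)" / "(legacy)" tag printed by iptables 1.8 and later) and only prints the commands to run, it does not change the system itself. The sample banners are constructed.

```shell
#!/bin/sh
# Added example (not part of the BitNinja agent): detect which iptables backend
# a host uses and print the switch-to-legacy steps if the nf_tables backend is active.

# Classify an `iptables -V` banner. iptables 1.8+ appends "(nf_tables)" or
# "(legacy)"; older builds print no tag and are reported as "untagged".
iptables_backend() {
  case "$1" in
    *"(nf_tables)"*) echo nf_tables ;;
    *"(legacy)"*)    echo legacy ;;
    *)               echo untagged ;;
  esac
}

# Exit 0 when the banner shows the nf_tables backend, i.e. when the BitNinja
# ruleset may be only partially loaded and the legacy switch is recommended.
needs_legacy_switch() {
  [ "$(iptables_backend "$1")" = "nf_tables" ]
}

# Print the remediation sequence from the article; the install line depends on
# whether the host is RPM-based (dnf/yum available) or already ships the package.
print_remediation() {
  echo "iptables is using the nf_tables backend; switch to iptables-legacy:"
  if command -v dnf >/dev/null 2>&1; then
    echo "  dnf install iptables-legacy"
  elif command -v yum >/dev/null 2>&1; then
    echo "  yum install iptables-legacy"
  fi
  echo "  sudo update-alternatives --set iptables /usr/sbin/iptables-legacy"
  echo "  service bitninja restart"
}

# Live check when run on a host that has iptables; harmless elsewhere.
if command -v iptables >/dev/null 2>&1; then
  banner="$(iptables -V 2>/dev/null || true)"
  echo "detected: $banner -> backend: $(iptables_backend "$banner")"
  if needs_legacy_switch "$banner"; then
    print_remediation
  fi
fi
```

After switching, re-run `iptables -V` and confirm the banner now reads "(legacy)" before restarting the agent.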
Our team is developing a new version of BitNinja that will support nftables, but we do not have an estimated time of arrival (ETA) yet.
