Blob Blame History Raw
iptables-translate -A INPUT -m policy --pol ipsec --dir in
nft add rule ip filter INPUT meta secpath exists counter

iptables-translate -A INPUT -m policy --pol none --dir in
nft add rule ip filter INPUT meta secpath missing counter