The current trend is to move from iptables to nftables (both are front ends to the kernel's netfilter framework), so try this instead:
nft -j list ruleset
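That obviously wouldn’t work with fail2ban (one of the reasons I’ve stopped using it).
In the session below, note that the final `counter drop` rule drops every new inbound connection, including SSH and loopback traffic, and that `nft flush ruleset` removes all tables, not only `fw`, leaving the host unfiltered.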
[root@trx ~]# nft list ruleset
[root@trx ~]# nft add table inet fw
[root@trx ~]# nft add chain inet fw cin { type filter hook input priority 10\; }
[root@trx ~]# nft add rule inet fw cin ct state established,related counter accept
[root@trx ~]# nft add rule inet fw cin counter drop
[root@trx ~]# nft list ruleset
table inet fw {
chain cin {
type filter hook input priority filter + 10; policy accept;
ct state established,related counter packets 5 bytes 714 accept
counter packets 0 bytes 0 drop
}
}
[root@trx ~]# nft flush ruleset
[root@trx ~]# nft list ruleset
[root@trx ~]#