In iptables I have a script (piece of code below) for port knocking:
$IPT -N KNOCKING
$IPT -N GATE1
$IPT -N PASSED
$IPT -A INPUT -i $EXTIP -j KNOCKING
$IPT -A GATE1 -p tcp --dport 1111 -m recent --name AUTH1 --set -j DROP
$IPT -A GATE1 -j DROP
$IPT -A KNOCKING -m recent --rcheck --seconds 30 --name AUTH1 -j PASSED
$IPT -A KNOCKING -j GATE1
$IPT -A PASSED -m recent --name AUTH1 --remove
$IPT -A PASSED -p tcp --dport 777 -j LOG --log-prefix '*** RDP Connect ***'
$IPT -A PASSED -p tcp --dport 777 -m recent --name RDP --set -j ACCEPT
$IPT -A PASSED -j GATE1
$IPT -t nat -A PREROUTING -p tcp --dport 777 -m recent --rcheck --seconds 30 --name RDP -j DNAT --to-destination 192.168.1.254:3389
# ADD here FORWARD RULE from standard iptables script
What it does: when you knock on port 1111 you have 30 sec to knock on the next port, 777, and then you are able to connect to port 777, which is redirected to RDP in the local network. So, 1111 - 777 - connect. If the sequence differs, like 1111 - {some_other_port} - drop. It works fine.
I want to switch to nftables and I can't figure out how to translate this. Thanks a lot for any advice!
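The following is one way to express the same chains in native nftables syntax. It is an example added here, not code from the question or from an answer on the page. The `-m recent` lists become sets with a 30 s element timeout; `--set` becomes `update`, `--rcheck` becomes a set-membership match, and `--remove` becomes the `delete` set statement (which needs a recent nftables and kernel; older releases lack it, and then the entry only disappears on timeout, so a wrong second port would no longer reset the sequence). `eth0` is assumed to stand in for `$EXTIP`, and the `forward` chain at the end is an assumed stand-in for the FORWARD rule the original script leaves to its standard ruleset.

```nftables
#!/usr/sbin/nft -f
# Added example: the iptables port-knocking script rewritten for nftables.
# Sequence: knock TCP/1111, then within 30 s hit TCP/777; that hit is logged,
# recorded, and TCP/777 from that source is DNATed to 192.168.1.254:3389
# for the next 30 s. Assumptions (not from the question): external interface
# is eth0; the forward chain replaces the omitted "standard" FORWARD rule.
# Note: "flush ruleset" discards every existing nftables rule on the host.

flush ruleset

define extif = "eth0"

table ip knock {
    # -m recent --name AUTH1 --seconds 30: sources that hit the first knock
    set auth1 {
        type ipv4_addr
        flags timeout
        timeout 30s
    }
    # -m recent --name RDP --seconds 30: sources that completed the sequence
    set rdp {
        type ipv4_addr
        flags timeout
        timeout 30s
    }

    # nat PREROUTING: only sources with a live RDP entry get 777 redirected
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $extif tcp dport 777 ip saddr @rdp dnat to 192.168.1.254:3389
    }

    # INPUT -i $EXTIP -j KNOCKING (other interfaces are left alone, as before)
    chain input {
        type filter hook input priority filter; policy accept;
        iifname $extif jump knocking
    }

    # KNOCKING: live AUTH1 entry -> PASSED, everything else -> GATE1
    chain knocking {
        ip saddr @auth1 jump passed
        jump gate1
    }

    # GATE1: the first knock records (or refreshes) the source and is dropped;
    # every other packet from the external interface is dropped
    chain gate1 {
        tcp dport 1111 update @auth1 { ip saddr } drop
        drop
    }

    # PASSED: consume the AUTH1 entry; a hit on 777 is logged, recorded in
    # @rdp and accepted; any other port falls back to GATE1 (sequence reset).
    # "delete" from the packet path requires a recent nftables/kernel.
    chain passed {
        delete @auth1 { ip saddr }
        tcp dport 777 log prefix "*** RDP Connect ***" update @rdp { ip saddr } accept
        jump gate1
    }

    # Assumed stand-in for the omitted FORWARD rule: let the DNATed RDP
    # connection and its replies through.
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname $extif ct status dnat ip daddr 192.168.1.254 tcp dport 3389 accept
    }
}
```

Load it with `nft -f knock.nft` and inspect the live state with `nft list set ip knock auth1` while knocking. Evaluation order is the same as in the iptables original: the nat prerouting hook runs before the input hook, so the first connection to 777 is the one that lands in `passed` and populates `@rdp`, and only the next connection attempt from that source within 30 s is DNATed to the RDP host.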