I was working on a haproxy transparent proxy setup that we had working on Centos 7 (iptables), but running into issues getting tproxy working with NFTables on Centos 8.

From https://www.kernel.org/doc/Documentation/networking/tproxy.txt, it should be a matter of:

# nft add table filter
# nft add chain filter divert "{ type filter hook prerouting priority -150; }"
# nft add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept

But when running the 3rd line (add rule), I get

root at kryptonite [/lib/modules/4.18.0-80.11.2.el8_0.x86_64]# nft add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept
Error: Could not process rule: No such file or directory
add rule filter divert meta l4proto tcp socket transparent 1 meta mark set 1 accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

(In attempting to resolve this, I did the following)

modprobe nf_tproxy_ipv4
modprobe nf_tproxy_ipv6
modprobe nf_socket_ipv4
modprobe nf_socket_ipv6

I also noted that:

nft add rule filter divert meta l4proto tcp meta mark set 1 accept

(Removing socket transparent 1) does not exit with a failure.

Also found https://bugzilla.redhat.com/show_bug.cgi?id=1651813, (which did make reference to the nftables version 0.9.0 possibly missing support, I have not tried compiling 0.9.1 yet, but I find it curious the entire line fails with 'socket transparent 1' making me wonder if it is a missing module still)

--
Nathan Coulson
System Administrator for Bravenet Web Services
www.bravenet.com