How do I implement something like this in nftables:
iptables -A INPUT -m conntrack --ctstate INVALID -m limit --limit 3/m --limit-burst 5 -j LOG --log-level debug --log-prefix "INVALID DROP: "
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

The translation is:

nft add rule filter input ct state invalid \
    limit rate 3/minute burst 5 packets \
    log level debug prefix \"INVALID DROP: \" counter
nft add rule filter input ct state invalid counter drop
Note that rule counters are optional in nftables, unlike iptables where we always have them on.
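The same two rules written as a native ruleset file, added here as an example and not part of the original answer. It assumes an ip-family table named filter with a base chain named input, matching the `filter input` used in the commands; the hook priority and accept policy are assumed values.

```nft
# Added example. Table and chain layout, priority and policy are assumptions.
table ip filter {
    chain input {
        # Base chain: without a hook declaration the chain never sees traffic.
        type filter hook input priority 0; policy accept;

        # Log invalid-state packets, rate limited to 3 per minute with a
        # burst of 5. Packets over the limit fail the match and fall through
        # to the next rule unlogged. No shell is involved when loading a
        # file, so the prefix quotes need no backslash escaping.
        ct state invalid limit rate 3/minute burst 5 packets log level debug prefix "INVALID DROP: " counter

        # Drop every invalid-state packet, logged or not. The counter
        # keyword is optional; omit it if per-rule statistics are not needed.
        ct state invalid counter drop
    }
}
```

Load the file with `nft -f <file>`; `nft -c -f <file>` checks it without applying anything.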