extensions/libipt_ah.txlate - manifest_repos/iptables - Git at Google

 iptables-translate -A INPUT -p 51 -m ah --ahspi 500 -j DROP
 nft add rule ip filter INPUT ah spi 500 counter drop

 iptables-translate -A INPUT -p 51 -m ah --ahspi 500:600 -j DROP
 nft add rule ip filter INPUT ah spi 500-600 counter drop

 iptables-translate -A INPUT -p 51 -m ah ! --ahspi 50 -j DROP
 nft add rule ip filter INPUT ah spi != 50 counter drop
	iptables-translate -A INPUT -p 51 -m ah --ahspi 500 -j DROP
	nft add rule ip filter INPUT ah spi 500 counter drop

	iptables-translate -A INPUT -p 51 -m ah --ahspi 500:600 -j DROP
	nft add rule ip filter INPUT ah spi 500-600 counter drop

	iptables-translate -A INPUT -p 51 -m ah ! --ahspi 50 -j DROP
	nft add rule ip filter INPUT ah spi != 50 counter drop