diff --git a/backport-datatype-rt_symbol_table_init-to-search-for-iproute2-configs.patch b/backport-datatype-rt_symbol_table_init-to-search-for-iproute2-configs.patch
new file mode 100644
index 0000000000000000000000000000000000000000..eabe46c25ff9c0350e06377913d907aae010c849
--- /dev/null
+++ b/backport-datatype-rt_symbol_table_init-to-search-for-iproute2-configs.patch
@@ -0,0 +1,138 @@
+From d0f70a1739b8e512986fb460a7fa7ff8a9300b68 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Fri, 15 Dec 2023 21:59:44 +0100
+Subject: [PATCH 001/196] datatype: rt_symbol_table_init() to search for
+ iproute2 configs
+
+There is an ongoing effort among various distributions to tidy up in
+/etc. The idea is to reduce contents to just what the admin manually
+inserted to customize the system, anything else shall move out to /usr
+(or so). The various files in /etc/iproute2 fall in that category as
+they are seldomly modified.
+
+The crux is though that iproute2 project seems not quite sure yet where
+the files should go. While v6.6.0 installs them into /usr/lib/iproute2,
+current mast^Wmain branch uses /usr/share/iproute2. Assume this is going
+to stay as /(usr/)lib does not seem right for such files.
+
+Note that rt_symbol_table_init() is not just used for
+iproute2-maintained configs but also for connlabel.conf - so retain the
+old behaviour when passed an absolute path.
+
+Signed-off-by: Phil Sutter
+---
+ src/datatype.c | 38 ++++++++++++++++++++++++++++++++++----
+ src/meta.c | 2 +-
+ src/rt.c | 2 +-
+ 3 files changed, 36 insertions(+), 6 deletions(-)
+
+diff --git a/src/datatype.c b/src/datatype.c
+index 86d55a52..9ca05167 100644
+--- a/src/datatype.c
++++ b/src/datatype.c
+@@ -855,19 +855,47 @@ const struct datatype inet_service_type = {
+ 
+ #define RT_SYM_TAB_INITIAL_SIZE 16
+ 
++static FILE *open_iproute2_db(const char *filename, char **path)
++{
++ FILE *ret;
++
++ if (filename[0] == '/')
++ return fopen(filename, "r");
++
++ if (asprintf(path, "/etc/iproute2/%s", filename) == -1)
++ goto fail;
++
++ ret = fopen(*path, "r");
++ if (ret)
++ return ret;
++
++ free(*path);
++ if (asprintf(path, "/usr/share/iproute2/%s", filename) == -1)
++ goto fail;
++
++ ret = fopen(*path, "r");
++ if (ret)
++ return ret;
++
++ free(*path);
++fail:
++ *path = NULL;
++ return NULL;
++}
++
+ struct symbol_table *rt_symbol_table_init(const char *filename)
+ {
++ char buf[512], namebuf[512], *p, *path = NULL;
+ struct symbolic_constant s;
+ struct symbol_table *tbl;
+ unsigned int size, nelems, val;
+- char buf[512], namebuf[512], *p;
+ FILE *f;
+ 
+ size = RT_SYM_TAB_INITIAL_SIZE;
+ tbl = xmalloc(sizeof(*tbl) + size * sizeof(s));
+ nelems = 0;
+ 
+- f = fopen(filename, "r");
++ f = open_iproute2_db(filename, &path);
+ if (f == NULL)
+ goto out;
+ 
+@@ -882,7 +910,7 @@ struct symbol_table *rt_symbol_table_init(const char *filename)
+ sscanf(p, "%u %511s\n", &val, namebuf) != 2 &&
+ sscanf(p, "%u %511s #", &val, namebuf) != 2) {
+ fprintf(stderr, "iproute database '%s' corrupted\n",
+- filename);
++ path ?: filename);
+ break;
+ }
+ 
+@@ -899,6 +927,8 @@ struct symbol_table *rt_symbol_table_init(const char *filename)
+ 
+ fclose(f);
+ out:
++ if (path)
++ free(path);
+ tbl->symbols[nelems] = SYMBOL_LIST_END;
+ return tbl;
+ }
+@@ -914,7 +944,7 @@ void rt_symbol_table_free(const struct symbol_table *tbl)
+ 
+ void mark_table_init(struct nft_ctx *ctx)
+ {
+- ctx->output.tbl.mark = rt_symbol_table_init("/etc/iproute2/rt_marks");
++ ctx->output.tbl.mark = rt_symbol_table_init("rt_marks");
+ }
+ 
+ void mark_table_exit(struct nft_ctx *ctx)
+diff --git a/src/meta.c b/src/meta.c
+index 8d0b7aae..6f76f003 100644
+--- a/src/meta.c
++++ b/src/meta.c
+@@ -325,7 +325,7 @@ const struct datatype pkttype_type = {
+ 
+ void devgroup_table_init(struct nft_ctx *ctx)
+ {
+- ctx->output.tbl.devgroup = rt_symbol_table_init("/etc/iproute2/group");
++ ctx->output.tbl.devgroup = rt_symbol_table_init("group");
+ }
+ 
+ void devgroup_table_exit(struct nft_ctx *ctx)
+diff --git a/src/rt.c b/src/rt.c
+index f5c80559..3ee710dd 100644
+--- a/src/rt.c
++++ b/src/rt.c
+@@ -25,7 +25,7 @@
+ 
+ void realm_table_rt_init(struct nft_ctx *ctx)
+ {
+- ctx->output.tbl.realm = rt_symbol_table_init("/etc/iproute2/rt_realms");
++ ctx->output.tbl.realm = rt_symbol_table_init("rt_realms");
+ }
+ 
+ void realm_table_rt_exit(struct nft_ctx *ctx)
+-- 
+2.33.0
+
diff --git a/nftables.spec b/nftables.spec
index c9f85cc229d1843f4eefbd81f86a2be8d8778ea5..3d218120989abacb9e09f5c2420abc8ec1285dd8 100644
--- a/nftables.spec
+++ b/nftables.spec
@@ -1,6 +1,6 @@
 Name: nftables
 Version: 1.0.8
-Release: 7
+Release: 8
 Epoch: 1
 Summary: A subsystem of the Linux kernel processing network data
 License: GPLv2
@@ -73,6 +73,7 @@ Patch0058: backport-parser_json-fix-crash-in-json_parse_set_stmt_list.patch
 Patch0059: backport-parser_json-fix-handle-memleak-from-error-path.patch
 Patch0060: backport-parser_json-fix-several-expression-memleaks-from-error-path.patch
 Patch0061: backport-libnftables-Zero-ctx-vars-after-freeing-it.patch
+Patch0062: backport-datatype-rt_symbol_table_init-to-search-for-iproute2-configs.patch
 BuildRequires: gcc flex bison libmnl-devel gmp-devel readline-devel libnftnl-devel docbook2X systemd
 BuildRequires: iptables-devel jansson-devel python3-devel
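Review bot: In the new `open_iproute2_db()` in the datatype.c hunk, the second `asprintf` for `/usr/share/iproute2/%s` runs whenever the first `fopen` returns NULL, for any errno, so an `/etc/iproute2/<name>` that exists but is unreadable (EACCES, EIO) is silently replaced by the distribution default instead of being reported, and the admin override loses precedence exactly when it is broken. If that is not intended (iproute2's own lookup may well behave the same; not visible here), limiting the fallback to a missing file keeps `/etc` authoritative: after the first `fopen`, `if (!ret && errno != ENOENT) { free(*path); goto fail; }`, noting that `<errno.h>` is not among the includes visible in this patch. The helper also carries no comment on the `*path` contract; I would put `/* *path: heap string of the location actually opened, owned by the caller; NULL for an absolute filename or on failure */` above it, which also explains the `path ?: filename` in the "corrupted" message. Minor: `if (path) free(path);` at `out:` can be plain `free(path);`, since free(NULL) is a no-op.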
@@ -172,6 +173,12 @@ echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
 %{python3_sitelib}/nftables/
 %changelog
+* Fri Aug 22 2025 gaihuiying - 1:1.0.8-8
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:backport to fix iproute config files's changing
+
+* Wed Dec 11 2024 gaihuiying - 1:1.0.8-7
+- Type:bugfix
+- CVE:NA