Linux Netfilter / IP Tables
- How to log NAT connections with nftables ?, Olivier
- nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more, etkaar
- nftables stateless NAT in raw table mangles fragmented UDP packets, Steffen Weinreich
- Broken link, yves baumes
- Consolidating rules, yves baumes
- [RFC PATCH 0/1] Landlock network PoC, Konstantin Meskhidze
- nftables character limits?, Gio
- Re: [RFC PATCH 0/2] Landlock network PoC implementation, Mickaël Salaün
- Query on CLOSED conntrack entry for sctp, Vivek Thrivikraman
- packet drops after nft migration, Stanisław Czech
- Matching metainformation cgroup fails on input, works on output., Vladimir Nikishkin
- netfilter and virtual machines, Ross Boylan
- delete matching rule like it can be done in case of iptables, Amish
- Meaning of "." (dot) in netfilter, Ross Boylan
- Recovery of packet size, Michael Dickensheets
- What is the GPRINT output plugin for?, Vladimir Nikishkin
- Both { tcp, udp} in meta vmap, Matt Zagrabelny
- [ANNOUNCE] nftables 1.0.1 release, Pablo Neira Ayuso
- [ANNOUNCE] libnftnl 1.2.1 release, Pablo Neira Ayuso
- [ANNOUNCE] libnetfilter_log 1.0.2 release, Pablo Neira Ayuso
- bridge-nf-filter-pppoe-tagged not working as expected, Amish Chana
- Issues with SIP NAT for SDP/RTP Addresses, John Marrett
- learning to understand iptables, serando
- reporting a bug?, Matt Zagrabelny
- nft named set address types, Matt Zagrabelny
- how to mark a prerouting package so it will go through my ip route rule, Jelle de Jong
- Improvements to the Home Router Wiki page, Timothy Ham
- Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests, Philip Prindeville
- Getting systemd-nspawn to work with my ruleset, Kevin P
- nft list empty, Nathan Wagner
- capwap protocol nested header, pupilla
- Flowtable hardware offload, iphone4004
- nft numeric output translates tcp flags rule so it cannot be loaded again, Benno
- Deleting rules question, Daniel
- packet reassembling and fragmentation, VELARTIS Philipp Dürhammer
- Netfilter flow schematic: routing decision and output hook question, Andrew Bate
- broken page, Paulo Ricardo Bruck
- How to add overlapping CIDR blocks in a set and have a way delete them ?, Shivam Sandbhor
- How to load-balance tcp flows to internal dummy interfaces for parallel traffic capture?, Simon Mullis
- testing if a named set exists?, Matt Zagrabelny
- netfilter 10,000' overview, Jeff
- Hashlimit without meters in nftables?, Mike Lee
- nft set load metrics, Cristian Constantin
- upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message, Cristian Constantin
- invalid type, Paulo Ricardo Bruck
- nft 0.9.8 - error in mnl.c - with addition hw interfaces, Frank Wunderlich
- conntrackd internal cache growing indefinitely in active-active setup, Matt Mercer
- integers byte order in netlink/NETLINK_NETFILTER messages, Cristian Constantin
- Re: list vmap counter errot, Pablo Neira Ayuso
- base chains with same hook, same priority, Cristian Constantin
- wiki.nftables.org down?, Matt Zagrabelny
- Haproxy's "send-proxy-v2" doesn’t work when conntrack is disabled, InterNetX - Marc Reymann
- nft set type list, Fatih USTA
- Error: conflicting intervals specified - Bullseye 0.9.8, Daniel
- conntrackd syncing specific ct zones, Tobias Urdin
- Upgrading from kernel 5.12.19 to 5.13.13 made "ct state invalid" match IPv6 link-local addresses in tunnels, Marcel Menzel
- Cannot reference sets in later rules until next nft run, martin f krafft
- Fwd: IP daddr filtering not working for non-routable address, Niko Kortström
- Invalidate conntrack using iptables rule, halfdog
- How to disable network access for certain applications via nftables?, Sheran
- [ANNOUNCE] nftables 1.0.0 release, Pablo Neira Ayuso
- conntrack: confirm existing but do not create new entries, Eugene Crosser
- NAT - how external source port is selected, Daniel
- AW: NAT - how external source port is selected, Thomas Bätzler
- nft tool slow down due to large ipv4 addresses sets, Cristian Constantin
- [PATCH] conntrackd: cache: fix zone entry uniqueness in external cache, Adam Casella
- ulogd packet based logging with CT info, Blažej Krajňák
- nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
- nftables - quota isn't working?, pauloric
- Why aren't INPUT and FORWARD chains available to a locally-generated packet?, Harry S
- Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?, Reindl Harald
- [ANNOUNCE] ipset 7.15 released, Jozsef Kadlecsik
- which example to use?, Stéphane Charette
- [ANNOUNCE] ipset 7.14 released, Jozsef Kadlecsik
- [nft] Regarding `tcp flags` (and a potential bug), Tom Yan
- [ANNOUNCE] ipset 7.13 released, Jozsef Kadlecsik
- Dropping UDP packets to port 53 containing known domain string?, Tom
- Feature request on ip[6]tables-restore-translate, Stephen Satchell
- OK, IPv4 vs IPv6 is driving me crazy, Stephen Satchell
- nftables element not in set, Stephen Satchell
- Criticism welcome: nftables rp_filtering in and out, Stephen Satchell
- OK, I give up., Stephen Satchell
- Need two routers in tandem to implement BGP38?, Stephen Satchell
- ip[6]tables implementation of rf_filter, Stephen Satchell
- Handle a packet by netfilter after traversing a veth pair, Eugene Crosser
- Netfilter rules to replicate, consume ingress packet locally and forward clone packet, rakesh goyal
- Redirect all traffic or range of ports to an IP, Daniel
- Strange behavior of the ctdir option, CoD DoC
- IP Addresses Changed to Hostnames in IPTables, slow_speed
- Re: IP Addresses Changed to Hostnames in IPTables, Reindl Harald
- libnetfilter_queue: Access conntrack info, Psyspy 22
- Reload IPtables, slow_speed
- Problem when routing UDP port 53, Pierre Couderc
- Legacy?, slow_speed
- Rules, slow_speed
- How to rewrite dest.IP of UDP packets, cloned by TEE target?, Thomas Conrath
- Question regarding licensing terms and compliance, 洪湘晴
- nftables CONFIG_NFT_OBJREF "ct helper set", Stefan Hartmann
- #netfilter IRC channel now on libera.chat, Arturo Borrero Gonzalez
- [ANNOUNCE] nftables 0.9.9 release, Pablo Neira Ayuso
- [ANNOUNCE] libnftnl 1.2.0 release, Pablo Neira Ayuso
- libnetfilter_conntrack: ABI breakage error, Psyspy 22
- Possible to load balance (nftlb) mostly NFS traffic with important connections?, Carsten Aulbert
- Running an active/active firewall/router (xt_cluster?), Oliver Freyermuth
- Re: Running an active/active firewall/router (xt_cluster?), Pablo Neira Ayuso
- Forcing SNAT to preserve the original source port, Carsten
- wiki.nftables.org down, Frank Myhr
- Commas or Spaces?, slow_speed
- nf does not DNAT, but also does not not-NAT, Przemysław Kowalczyk
- nftables equivalent for iptable rules., R C
- Why is it impossible to DNAT 127.0.0.0/8?, Quentin, Lars
- Flowtable with ppp/bridge, Frank Wunderlich
- nftables auto-merge on combined sets, Frömmel, Christian
- conntrackd inverted NAT address, endianness issue?, Tao Gong
- nftables support for cgroup v2 filtering by path, Yves Perrenoud
- nftables port forward on DHCP interface to static IP, Pekka Järvinen
- Fail-closed option? (Make all policies "drop" by default for newly created namespaces), mose
- ebtables rules for specific bridge, Ian Pilcher
- device list reversed, Frank Wunderlich
- List and reimport Ruleset fails with "Error: transport protocol mapping is only valid after transport protocol match", Henning Reich
- nftables "stateful object" nomenclature, Frank Myhr
- SNAT/Masquerade not modifying the Source IP randomly, Pavan Amancherla
- nft show counter, Frank Wunderlich
- bridge-nf-call-iptables: checking bridge vs. IP context?, Linus Lüssing
- Creating named set, paul.guijt
- Script to manage a simple DynDNS whitelist based firewall using nftables, etkaar
- hw flow offload - nft crosscompile, Frank Wunderlich
- Startup script for ssdp helper app, Budge
- nfqueue ethernet packet frame capture, ilker
- How to troubleshoot (suspected) flowtable lockups/packet drops?, Martin Gignac
- How to concatenate subnet with port in a set?, etkaar
- wiki.nftables.org Certificate expired, Philipp Rintz
- Traffic drops when using flow offload for nftables based NAT, tech
- [HEADS UP] bugzilla.netfilter.org is under maintainance, Pablo Neira Ayuso
- IP MASQUERADE isn't working properly, Ameen Al-Azzawi
- when will nftables have ability to delete matching rule like iptables?, Amish
- nftables carefully open the related-flow: ct state related ct helper "ftp-21" ..., Stefan Hartmann
- nft_set_type, Frank Myhr
- Matching l3mdev output interface in snat, Daniele Orlandi
- iptables masquerade source ip selection issue, Derrick Lim
- 'Did not kill' written out when redirecting 'nft list ruleset' in 0.9.8, Martin Gignac
- [ANNOUNCE] ipset 7.11 released, Jozsef Kadlecsik
- libnetfilter_queue : Parsing payload, Psyspy 22
- libnetfilter_queue example, Psyspy 22
- iptables-nft: masquerade choosing wrong source ip on lo, Etienne Champetier
- Wildcards / large ranges in concatenations, Frank Myhr
- Initial loading of ruleset slower than subsequent tries, Martin Bochenek
- traffic shaping with tc on Linux 5.4.x, Lars Noodén
- Incoming Connections with IPv6 NETMAP for Multiple ISPs Only Work for 1 ISP at a time., Adam Goldberg
- Constraints on nft expressions and statements in inet ingress chains, Frank Myhr
- Unable to create a chain called "trace", Martin Gignac
- Where is the ICMP *type* information in nft 0.9.8 trace output?, Martin Gignac
- FTP behind NAT on a non-standard port, mikhalich123
- nftables typeof concatenation support for vmap?, Frank Myhr
- [ERROR] inject-add2: File exists / [ERROR] inject-upd2: Device or resource busy, Bernd Naumann
- parser problem in range map?, Andreas Schultz
- libnetfilter_queue needs libnfnetlink?, Psyspy 22
- Use case of nftables + Linux combination as network firewall, Younwook Jang
- Migrate ipsets to nftables, Nikolai Lusan
- where in kernel is conntrack-matching done?, linux-netfilter-list
- [ANNOUNCE] iptables 1.8.7 release, Phil Sutter
- [ANNOUNCE] nftables 0.9.8 release, Pablo Neira Ayuso
- [ANNOUNCE] libnftnl 1.1.9 release, Pablo Neira Ayuso
- nftables: counters in sets missing from nft --json output, Julian Somers
- NFULNL_CFG_F_CONNTRACK and IPv6, Rafael David Tinoco
- Matching streaming services, Nikolai Lusan
- nftables with dinamic ip6, Paulo Ricardo Bruck
- BUG: IPv4 conntrack reassembles forwarded packets, Christian Perle
- How to edit nftables wiki pages?, Jay Tuckey
- [PATCH libnetfilter_conntrack] examples: check return value of nfct_nlmsg_build(), Eyal Birger
- Correction to nftables wiki, Brian Pond
- [ANNOUNCE] ipset 7.10 released, Jozsef Kadlecsik
- First packet NAT flow, Rafael Ganascim
- nftables Set Bug with interval & timeout Flags, Mike Dillinger
- Flowtable in a load balancer, Eliezer Croitor
- Assistance to troubleshoot nf_nat bug, Mathew Heard
- NAT table seems to be skipped for TCP traffic, Nicholas Amon
- [FYI] summary of Netfilter workshop 2020 virtual, Arturo Borrero Gonzalez
- FTFW with multicast not working properly, Jean-Sébastien Frerot
- Re: How to Unblock IP Address of Email Client in Linux iptables Firewall in Linux Mail Server, G.W. Haywood
- nftables "meta priority set" not working, Daniel Lakeland
- mistakes on wiki, bbmt
- FYI - how to use libnftables in python, Arturo Borrero Gonzalez
- [ANNOUNCE] ipset 7.8 released, Jozsef Kadlecsik
- [nftables] cross compiling for arm-linux-gnueabihf?, ѽ҉ᶬḳ℠
- [nftables] frame rate limiting per day/minute not working (bug ?), ѽ҉ᶬḳ℠
- [nftables] frame rate limiting clashing with log rate limiting (bug ?), ѽ҉ᶬḳ℠
- Filtering and counting traffic based on the ethernet address, Jonathan Horn
- vmap declaration style, Kyle Rose
- connlimit allows more established conns than the limit set, Hildegard Meier