Hi, The following patchset contains Netfilter fixes for net: 1) nf_conntrack_tuple_taken() needs to recheck zone for NAT clash resolution, from Florian Westphal. 2) Restore support for stateful expressions when set definition specifies no stateful expressions. Please, pull these changes from: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git Thanks! ---------------------------------------------------------------- The following changes since commit ce7536bc7398e2ae552d2fabb7e0e371a9f1fe46: vsock/virtio: update credit only if socket is not closed (2021-02-08 13:27:46 -0800) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf.git HEAD for you to fetch changes up to 664899e85c1312e51d2761e7f8b2f25d053e8489: netfilter: nftables: relax check for stateful expressions in set definition (2021-02-09 00:50:14 +0100) ---------------------------------------------------------------- Florian Westphal (1): netfilter: conntrack: skip identical origin tuple in same zone only Pablo Neira Ayuso (1): netfilter: nftables: relax check for stateful expressions in set definition net/netfilter/nf_conntrack_core.c | 3 ++- net/netfilter/nf_tables_api.c | 28 +++++++++++++++------------- 2 files changed, 17 insertions(+), 14 deletions(-)