Linux TCP/IP Netfilter
[Prev Page][Next Page]
- Re: ct state vmap no longer works on 6.3 kernel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ct state vmap no longer works on 6.3 kernel
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Translating iptables rules with TTL, HL and physdev to nftables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: seentr@xxxxxxxxxxxx
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: seentr@xxxxxxxxxxxx
- Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- [Announce] Foomuuri - New firewall software using nftables
- From: "Kim B. Heino" <b@xxxxxxxx>
- How to use connection tracking with Docker?
- From: Wenfay <Wenfay@xxxxxxxxxxxxxx>
- UTF8 for non-breaking space reports junk in nftables [was Re: Rule error using ct helper for TFTP]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Rule error using ct helper for TFTP
- From: Dario Alcocer <dalcocer@xxxxxxxxxx>
- Re: Change in nft set element add syntax?
- From: Jacob Middag <jacob@xxxxxxxxx>
- Re: iptables 1.4.16.3 on a Zyxel Router: NOTRACK / CT --notrack not available
- From: Bastian Bittorf <bb@xxxxxx>
- iptables 1.4.16.3 on a Zyxel Router: NOTRACK / CT --notrack not available
- From: Johannes Erwerle <jo@xxxxxxxxxxxxx>
- Re: Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Re: Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Re: Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Re: Programmatically adding an element into a map using libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Programmatically adding an element into a map using libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Creating a map programmatically using the C library libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically with libnftnl
- From: Daniel <tech@xxxxxxxxxx>
- Creating a map programmatically with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Eric <evil.function@xxxxxxxxx>
- nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Both SNAT MAC and DNAT MAC on packet
- From: Matthew Bellizzi <matthew.bellizzi@xxxxxxxxx>
- Re: rate-limit ssh for both IPv4 and IPv6
- From: Tim Mooney <Tim.Mooney@xxxxxxxx>
- Re: rate-limit ssh for both IPv4 and IPv6
- From: "Kevin P. Fleming" <lists.netfilter@xxxxxxxxxxxxx>
- rate-limit ssh for both IPv4 and IPv6
- From: Tim Mooney <Tim.Mooney@xxxxxxxx>
- [ANNOUNCE] nftables 1.0.7 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] libnftnl 1.2.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Translating iptables rules with TTL, HL and physdev to nftables
- From: gaaimen1997 <gaaimen1997@xxxxxxxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Could somebody please explain priorities correctly and in an understandable way?
- From: Binarus <lists@xxxxxxxxxx>
- Re: Could somebody please explain priorities correctly and in an understandable way?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Could somebody please explain priorities correctly and in an understandable way?
- From: Binarus <lists@xxxxxxxxxx>
- Could somebody please explain priorities correctly and in an understandable way?
- From: Binarus <lists@xxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- DNS answer packet (UDP) can´t catch´d by application
- From: Thomas Grünert <thomas.gruenert@xxxxxxxxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Fourhundred Thecat <400thecat@xxxxxx>
- Re: ipset: update timeout when IP matches
- From: Mathew Heard <mat999@xxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- ipset: update timeout when IP matches
- From: Fourhundred Thecat <400thecat@xxxxxx>
- Re: drop first SYN packet with nftables
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
- Re: IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
- IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
- allow user to offload tc action to net device : Question
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Subject: Flowtables send packets to broadcast MAC address.
- From: Christian Worm Mortensen <opensource@xxxxxxxx>
- drop first SYN packet with nftables
- From: Stewart Nelson <voip@xxxxxxxxx>
- drop first SYN packet with nftables
- From: Stewart Nelson <sn@xxxxxxxxx>
- Ip route flush table X doesn't delete the table?
- From: Varun Tewari <tewari.varun@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Question about ulogd2 and hostname
- From: italia azzura <italiazzura@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- [ANNOUNCE] iptables 1.8.9 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: nftables character limits?
- From: Gio <gioflux@xxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Using sets across ip and netdev tables
- From: Beep Beep <the.beep.projects@xxxxxxxxx>
- [ANNOUNCE] ipset 7.17 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: NFT Flowtable HW Offload
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: NFT Flowtable HW Offload
- From: Eric <evil.function@xxxxxxxxx>
- Re: ipset bug (kernel hang)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- NFT Flowtable HW Offload
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: netfilter flowtable software offload
- From: Andrej Stender <andrej.stender@xxxxxxxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: "ad^2" <adsquaired@xxxxxxxxx>
- Re: bftables and scripts question
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: bftables and scripts question
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: bftables and scripts question
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- bftables and scripts question
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- RE: nftables tutorial for dummies?
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- netfilter flowtable software offload
- From: yves baumes <ybaumes@xxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- ipset bug (kernel hang)
- From: Марк Коренберг <socketpair@xxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables tutorial for dummies?
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.6 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Aaron Fischer <mail@xxxxxxxxxxxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables: origin sport after dstnat
- From: Aaron Fischer <mail@xxxxxxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Dave Osbourne <dave@xxxxxxxxxxxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Brskt <me@xxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Which of these 2 rules will consume more CPU? Please guide.
- From: Amish <anon.amish@xxxxxxxxx>
- [ANNOUNCE] ipset 7.16 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- NAT6 One to One implement in kernel ?
- From: ayaka <ayaka@xxxxxxxxxxx>
- Can Not Send Netlink Messages with Unshare(CLONE_NEWNET)
- From: Hang An <anhang610@xxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: [ANNOUNCE] ulogd 2.0.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] ulogd 2.0.8 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [ANNOUNCE] ulogd 2.0.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- How to add set element with libnftnl?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: How to allow traffic over VPN across namespaces using nftables
- From: Ruben Di Battista <rubendibattista@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Re: Updating set elements from command line
- From: Eric <evil.function@xxxxxxxxx>
- Re: Updating set elements from command line
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Updating set elements from command line
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Updating set elements from command line
- From: Eric <evil.function@xxxxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- [ANNOUNCE] conntrack-tools 1.4.7 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Bug Report Flowtable NFT with kernel 5.19.9
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Change in nft set element add syntax?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- [doc?] nftables; symbolic variable definition only allows suffixed comments
- From: grin <grin@xxxxxxx>
- Re: how to use meters?
- From: Kamil Jońca <kjonca@xxxxx>
- Re: how to use meters?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- how to use meters?
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Fwd: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Raw payload matching beyond 2040 bits
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: List chain during attack high CPU usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Segmentation fault when starting conntrackd
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Segmentation fault when starting conntrackd
- From: "Viton, Pedro (Nokia - ES/Madrid)" <pedro.viton@xxxxxxxxx>
- conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: List chain during attack high CPU usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: "Vink, Ronald" <ronald.vink@xxxxxxxxxxxx>
- [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- List chain during attack high CPU usage
- From: Brskt <contact@xxxxxxxx>
- egress hook
- From: Lynx de Cat <lynx.light0@xxxxxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: John Haxby <john.haxby@xxxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Raw payload matching beyond 2040 bits
- From: Florian Westphal <fw@xxxxxxxxx>
- Raw payload matching beyond 2040 bits
- From: Julien Moutinho <julm+netfilter@xxxxxxxxxxxxxx>
- Re: Packets lost in netfilter & Altering outgoing packet's mac address
- From: Florian Westphal <fw@xxxxxxxxx>
- Packets lost in netfilter & Altering outgoing packet's mac address
- From: Ludvig Sandh <givdul11@xxxxxxxxxx>
- Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Running nft --check as non-root
- From: Peter Hoeg <peter@xxxxxxxx>
- Re: Running nft --check as non-root
- From: Florian Westphal <fw@xxxxxxxxx>
- Running nft --check as non-root
- From: Peter Hoeg <peter@xxxxxxxx>
- [ANNOUNCE] nftables 1.0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Requirements for nft nat pre/postrouting chains?
- From: Dominique MARTINET <dominique.martinet@xxxxxxxxxxxxxxxxx>
- Requirements for nft nat pre/postrouting chains?
- From: Dominique MARTINET <dominique.martinet@xxxxxxxxxxxxxxxxx>
- Select a wrong source address on ipv4 masquerade
- From: Hiroaki Mizuguchi <mhiroaki@xxxxxxxxx>
- Re: REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- Re: REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- Re: nf_queue flush on deletion
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Bug in the wiki
- From: "B. Ohnsorg" <b.ohnsorg@xxxxxxxxxx>
- Re: CONNMARK rules
- From: Richard Lucassen <mailinglists@xxxxxx>
- Re: CONNMARK rules
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- CONNMARK rules
- From: Richard Lucassen <mailinglists@xxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- limit usage
- From: Ignacio Freyre <nachofw@xxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Kiernan George <kbg98@xxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ABI Breakage - nftnl_rule_parse_attr_cb
- From: Kiernan George <kbg98@xxxxxx>
- Re: Create Rule w/ Source IP Example
- From: Florian Westphal <fw@xxxxxxxxx>
- Create Rule w/ Source IP Example
- From: Kiernan George <kbg98@xxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Gmail Support <testingforadept@xxxxxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Florian Westphal <fw@xxxxxxxxx>
- iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Amish <anon.amish@xxxxxxxxx>
- Routing table does not assign correct output IP address after nftables "chain" chain
- From: Tito Sacchi <tito@xxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Bridge table: binding the rules to specific instances of the bridge
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Support for String Match Blocking in NFTables
- From: Gmail Support <testingforadept@xxxxxxxxx>
- nf_queue flush on deletion
- From: Jordan Griege <jgriege@xxxxxxxxxxxxxx>
- extra chains for nftrace
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Joshua Moore <j@xxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Chris Hall <netfilter@xxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Benny Lyne Amorsen <benny+usenet@xxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Matt <lists@xxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Chris Hall <netfilter@xxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Gio <gioflux@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Validating this is the right conntrack ruleset
- From: Gio <gioflux@xxxxxxxxx>
- Re: mixed address family sets and rules in nft
- From: "Alov, Igor" <alov.igor@xxxxxxxxx>
- Re: mixed address family sets and rules in nft
- From: Kamil Jońca <kjonca@xxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- mixed address family sets and rules in nft
- From: Marc Haber <mh+netfilter@xxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: IPTables ISP Open Port Notices
- From: Alex Buie <alex.buie@xxxxxxxxx>
- libnftables JSON output does not show comment attribute for counter
- From: Sandro <lists@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Alex Buie <alex.buie@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Alex Buie <alex.buie@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: IPTables ISP Open Port Notices
- From: Dave Osbourne <dave@xxxxxxxxxxxxxxxxxx>
- IPTables ISP Open Port Notices
- From: Robert Steinmetz <rob@xxxxxxxxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: exclude named sets
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
- Re: traffic shaping with tc and nft
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: traffic shaping with tc and nft
- From: Kamil Jońca <kjonca@xxxxx>
- traffic shaping with tc and nft
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- Re: exclude named sets
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: exclude named sets
- From: Kamil Jońca <kjonca@xxxxx>
- Re: exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- Re: exclude named sets
- From: Kamil Jońca <kjonca@xxxxx>
- exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- set of sets
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nftables: priority handling for changes on the same table
- From: Kamil Jońca <kjonca@xxxxx>
- nftables: priority handling for changes on the same table
- From: Florian Eckert <fe@xxxxxxxxxx>
- Re: "nft --check" not warning about missing statement in rule
- From: Florian Westphal <fw@xxxxxxxxx>
- "nft --check" not warning about missing statement in rule
- From: Alexander Helmer <a.helmer@xxxxxxxxxxxx>
- it is possible to use link group or vrf to make a netdev hook?
- From: "Alov, Igor" <alov.igor@xxxxxxxxx>
- [ANNOUNCE] iptables 1.8.8 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- target and match expression "info" payload decoding in nftables expressions in netlink messages
- From: Harald Albrecht <Harald.Albrecht@xxxxxxx>
- Re: Question about "masquerade"
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: Question about "masquerade"
- From: Florian Westphal <fw@xxxxxxxxx>
- Question about "masquerade"
- From: Kamil Jońca <kjonca@xxxxx>
- Multiple protocols in conntrack tool filtering
- From: Olivier <oza.4h07@xxxxxxxxx>
- [ANNOUNCE] libnetfilter_cttimeout 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- [ANNOUNCE] libnetfilter_cthelper 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: cannot allow outbound ping traffic
- From: Linux Scoop <linuxscoop@xxxxxxxxx>
- Re: cannot allow outbound ping traffic
- From: Paulo Ricardo Bruck <pauloric@xxxxxxxxxxxxxxxx>
- cannot allow outbound ping traffic
- From: Linux Scoop <linuxscoop@xxxxxxxxx>
- Re: Conditional inclusion of parts of nft file?
- From: Jesper Dybdal <netfilter@xxxxxxxxx>
- Number of rules?
- From: <paul.guijt@xxxxxxxxx>
- Re: nft add element .. too many fiules opened
- From: Florian Westphal <fw@xxxxxxxxx>
- nft add element .. too many fiules opened
- From: Peter Hudec <peter@xxxxxxxxxxxxxxxx>
- Conditional inclusion of parts of nft file?
- From: Jesper Dybdal <netfilter@xxxxxxxxx>
- Re: using sets as snat targets in nat tables
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: using sets as snat targets in nat tables
- From: Kamil Jońca <kjonca@xxxxx>
- using sets as snat targets in nat tables
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- NFTABLES - BRIDGE TRANSPARENT FIREWALL
- From: Computer Planet <amministrazione@xxxxxxxxxxxxxxx>
- Re: nftables snat map with ports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- RE: nft JSON rule output order
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- Re: nft JSON rule output order
- From: Kamil Jońca <kjonca@xxxxx>
- nftwatch bug fixes
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- nft JSON rule output order
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- Re: Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Proper way to ipsec filtering
- From: Florian Westphal <fw@xxxxxxxxx>
- New tool to watch nftables counters - nftwatch
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Proper way to use counters for a specific child chain
- From: Gio <gioflux@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Dropping L2 PTP packets using nftables
- From: Joseph Richard <joseph.richard@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Fw: nftables portknocking
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- [ANNOUNCE] libnfnetlink 1.0.2 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Redirect rule directly dropping packet
- From: "Boyd, Patrick" <Patrick.Boyd@xxxxxxxx>
- [ANNOUNCE] libmnl 1.0.5 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Aw: Fw: nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: json_cmd not working as intended
- From: Léo El Amri <leo@xxxxxxxxxxx>
- Misleading include documentation
- From: Michaël PAULON <michael@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- json_cmd not working as intended
- From: Francisco Albani <francisco.albani@xxxxxxxxxxxxxx>
- nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Port pool of CentOS machine
- From: Ameen Al-Azzawi <ameen.azzawi@xxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: nftables + docker
- From: Jarno Pelkonen <jarno.pelkonen@xxxxxxxxx>
- nftables + docker
- From: Matthew Ellquist <mellqui@xxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- UDP IPVS: Incorrect conntrack entry in reply tuple
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- [ANNOUNCE] libnetfilter_conntrack 1.0.9 release
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Want to match on a value from a map lookup
- From: Kyle Rose <krose@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Directing some containers into a lower priority interface
- From: Daniel Gray <dngray@xxxxxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- [ANNOUNCE] Settlement with Patrick McHardy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- how to SNAT GRE tunneling?
- From: G7fya GoQ8 <falazemi@xxxxxxxxx>
- nftables: Using ip6 dscp in maps
- From: Brian Davidson <davidson.brian@xxxxxxxxx>
- Re: How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Jerome Barotin <jbn@xxxxxx>
- Re: How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Florian Westphal <fw@xxxxxxxxx>
- How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Jerome Barotin <jbn@xxxxxx>
- RE: Query on CLOSED conntrack entry for sctp
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: Stefano Brivio <sbrivio@xxxxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- How to log NAT connections with nftables ?
- From: Olivier <oza.4h07@xxxxxxxxx>
- nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: What is the GPRINT output plugin for?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Consolidating rules
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: Broken link
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Broken link
- From: yves baumes <ybaumes@xxxxxxxxx>
- Consolidating rules
- From: yves baumes <ybaumes@xxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- nftables character limits?
- From: Gio <gioflux@xxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- RE: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- RE: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Query on CLOSED conntrack entry for sctp
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- packet drops after nft migration
- From: Stanisław Czech <s.czech@xxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Matching metainformation cgroup fails on input, works on output.
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Daniel <tech@xxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- netfilter and virtual machines
- From: Ross Boylan <rossboylan@xxxxxxxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Eric Garver <eric@xxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Daniel <tech@xxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Meaning of "." (dot) in netfilter
- From: Ross Boylan <rossboylan@xxxxxxxxxxxxxxxxxx>
- AW: Recovery of packet size
- From: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
- Recovery of packet size
- From: Michael Dickensheets <michael.dickensheets@xxxxxxxxx>
- What is the GPRINT output plugin for?
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: conntrackd syncing specific ct zones
- From: Tobias Urdin <tobias.urdin@xxxxxxxxxx>
- Re: bridge-nf-filter-pppoe-tagged not working as expected
- From: Amish Chana <amish@xxxxxxxx>
- Re: Both { tcp, udp} in meta vmap
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Re: Both { tcp, udp} in meta vmap
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Both { tcp, udp} in meta vmap
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnetfilter_log 1.0.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: bridge-nf-filter-pppoe-tagged not working as expected
- From: Florian Westphal <fw@xxxxxxxxx>
- bridge-nf-filter-pppoe-tagged not working as expected
- From: Amish Chana <amish@xxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: serando <serando@xxxxxxxxxx>
- Re: learning to understand iptables
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- learning to understand iptables
- From: serando <serando@xxxxxxxxxx>
- Re: Improvements to the Home Router Wiki page
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: reporting a bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft named set address types
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- reporting a bug?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Improvements to the Home Router Wiki page
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- RE: Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Marc <Marc@xxxxxxxxxxxxxxxxx>
- Re: how to mark a prerouting package so it will go through my ip route rule
- From: Jelle de Jong <jelledejong@xxxxxxxxxxxxx>
- how to mark a prerouting package so it will go through my ip route rule
- From: Jelle de Jong <jelledejong@xxxxxxxxxxxxx>
- Improvements to the Home Router Wiki page
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- Re: Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>
- Getting systemd-nspawn to work with my ruleset
- From: Kevin P <petrilli.kevin@xxxxxxxxx>
- Re: nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft list empty
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- Re: nft list empty
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- capwap protocol nested header
- Re: Need help
- From: Daniel <tech@xxxxxxxxxx>
- Need help
- From: Brad Knorr <bradley@xxxxxxxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Flowtable hardware offload
- From: iphone4004@xxxxxxxxxxxx
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Fwd: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: Deleting rules question
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Deleting rules question
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- packet reassembling and fragmentation
- From: VELARTIS Philipp Dürhammer <p.duerhammer@xxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Netfilter flow schematic: routing decision and output hook question
- From: Andrew Bate <mail@xxxxxxxxxxxxxx>
- Re: Invalidate conntrack using iptables rule
- From: halfdog <me@xxxxxxxxxxx>
- Re: How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: broken page
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- broken page
- From: Paulo Ricardo Bruck <paulobruck1@xxxxxxxxx>
- How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Shivam Sandbhor <shivam@xxxxxxxxxxxx>
- How to load-balance tcp flows to internal dummy interfaces for parallel traffic capture?
- From: Simon Mullis <simon@xxxxxxxxxxxx>
- RE: netfilter 10,000' overview
- From: "Jeff" <jnewman67@xxxxxxx>
- Re: netfilter 10,000' overview
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: netfilter 10,000' overview
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: testing if a named set exists?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- testing if a named set exists?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- netfilter 10,000' overview
- From: "Jeff" <jnewman67@xxxxxxx>
- Hashlimit without meters in nftables?
- From: Mike Lee <curby@xxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: integers byte order in netlink/NETLINK_NETFILTER messages
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: base chains with same hook, same priority
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- invalid type
- From: Paulo Ricardo Bruck <paulobruck1@xxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- Re: Fwd: nftables and connection tracking
- From: Daniel <tech@xxxxxxxxxx>
- Fwd: nftables and connection tracking
- From: Marek Greško <mgresko8@xxxxxxxxx>
- Aw: Re: nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Eric Garver <eric@xxxxxxxxxxx>
- nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] conntrackd: cache: fix zone entry uniqueness in external cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: integers byte order in netlink/NETLINK_NETFILTER messages
- From: Florian Westphal <fw@xxxxxxxxx>
- integers byte order in netlink/NETLINK_NETFILTER messages
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]