Linux TCP/IP Netfilter
[Prev Page][Next Page]
- Re: Display Masquerade mappings
- From: Frank Carmickle <frank@xxxxxxxxxxxxx>
- Re: Display Masquerade mappings
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Display Masquerade mappings
- From: Paul Crossley <p.t.crossley@xxxxxxxxx>
- Re: number of elements in nftables set
- From: Florian Westphal <fw@xxxxxxxxx>
- number of elements in nftables set
- From: Pavel Kasparek <pavel.kasparek@xxxxxxxxxx>
- Re: ipset swap to nftables set
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: ipset swap to nftables set
- From: marek <cervajs64@xxxxxxxxx>
- Re: Detecting socks5 frames on server side
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: ipset swap to nftables set
- From: "Kerin Millar" <kfm@xxxxxxxxxxxxx>
- Re: ipset swap to nftables set
- From: "Kerin Millar" <kfm@xxxxxxxxxxxxx>
- Re: ipset swap to nftables set
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: ipset swap to nftables set
- From: Eric <evil.function@xxxxxxxxx>
- ipset swap to nftables set
- From: marek <cervajs64@xxxxxxxxx>
- [ANNOUNCE] conntrack-tools 1.4.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Detecting socks5 frames on server side
- From: List Support <list@xxxxxxxxxx>
- Drop tcp close tcp
- From: "Louis R. Fasullo" <contact@xxxxxxxxxxxxxxxx>
- Re: [ANNOUNCE] ipset 7.18 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- [ANNOUNCE] ipset 7.19 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [PATCH] build: Fix double-prefix w/ pkgconfig
- From: Phil Sutter <phil@xxxxxx>
- [PATCH] build: Fix double-prefix w/ pkgconfig
- From: Sam James <sam@xxxxxxxxxx>
- Re: [ANNOUNCE] ipset 7.18 released
- From: Sam James <sam@xxxxxxxxxx>
- Re: [ANNOUNCE] ipset 7.18 released
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [ANNOUNCE] ipset 7.18 released
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [ANNOUNCE] ipset 7.18 released
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [ANNOUNCE] ipset 7.18 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- [ANNOUNCE] nftlb 1.0.9 release
- From: Laura García Liébana <nevola@xxxxxxxxx>
- Re: BUG REPORT : [patch V2 0/4] net, refcount: Address dst_entry reference count scalability issues - rcuref_put_slowpath+0x5f
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Could not load match [tcp udp conntrack] BPi R2-Pro Rockchip 3568
- From: Household Cang <canghousehold@xxxxxxx>
- Re: Is nftables thread safe?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Is nftables thread safe?
- From: Wayne Bao <herecomeswaynebao0811@xxxxxxxxx>
- Presentation of a tool for firewall testing!
- From: Abdul Pallarès Calvi <abdulc@xxxxxxxxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: counter target
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: counter target
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: counter target
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: counter target
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- counter target
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pierre-Philipp Braun <pbraun@xxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: nft tproxy failed to redirect on one system
- From: Carl Lei <me@xxxxxxxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Tony He <huangya90@xxxxxxxxx>
- Re: nft tproxy failed to redirect on one system
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: List chain during attack high CPU usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Tony He <huangya90@xxxxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Tony He <huangya90@xxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Tony He <huangya90@xxxxxxxxx>
- Re: Fwd: question about using conntrack to change the mark
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft tproxy failed to redirect on one system
- From: Carl Lei <me@xxxxxxxxxxxx>
- Fwd: question about using conntrack to change the mark
- From: Tony He <huangya90@xxxxxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pierre-Philipp Braun <pbraun@xxxxxxxxxxxx>
- Why does the cgroup iptables extension not work generally with the INPUT chain?
- From: Anselm Schüler <mail@xxxxxxxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Extending an IPv4 filter to IPv6
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Extending an IPv4 filter to IPv6
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Iptables and DDoS attacks
- Re: Iptables and DDoS attacks
- From: Joshua Moore <j@xxxxxx>
- iptables cannot perform forwarding operations correctly
- From: Hack3rcon@xxxxxxxxxxxx
- Re: Iptables and DDoS attacks
- From: Hack3rcon@xxxxxxxxxxxx
- Re: failing fail-over - commit still in progress
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: unable to start nftables
- From: François Patte <francois.patte@xxxxxx>
- Re: unable to start nftables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: unable to start nftables
- From: François Patte <francois.patte@xxxxxx>
- Re: unable to start nftables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- unable to start nftables
- From: François Patte <francois.patte@xxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pierre-Philipp Braun <pbraun@xxxxxxxxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- failing fail-over - commit still in progress
- From: Pierre-Philipp Braun <pbraun@xxxxxxxxxxxx>
- Re: failing fail-over - commit still in progress
- From: Pierre-Philipp Braun <pbraun@xxxxxxxxxxxx>
- nft tproxy failed to redirect on one system
- From: Carl Lei <me@xxxxxxxxxxxx>
- Re: Incompatibility when use python3-nftables and iptables-nft
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Iptables and DDoS attacks
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Iptables and DDoS attacks
- From: Hack3rcon@xxxxxxxxxxxx
- Incompatibility when use python3-nftables and iptables-nft
- From: Wayne Bao <herecomeswaynebao0811@xxxxxxxxx>
- Re: Incomprehensible behavior
- From: toml <toml@xxxxxxx>
- Re: Incomprehensible behavior
- From: Florian Westphal <fw@xxxxxxxxx>
- Incomprehensible behavior
- From: toml <toml@xxxxxxx>
- Incomprehensible behavior
- From: toml <toml@xxxxxxx>
- Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
- From: toml <toml@xxxxxxx>
- Re: List chain during attack high CPU usage
- From: Brskt <contact@xxxxxxxx>
- Re: converting iptables/ip6tables to efficient nftables rules
- From: Tim Mooney <Tim.Mooney@xxxxxxxx>
- Re: converting iptables/ip6tables to efficient nftables rules
- From: Tim Mooney <Tim.Mooney@xxxxxxxx>
- Re: nftables 1.0.6: snat with maps
- From: Eric <evil.function@xxxxxxxxx>
- Re: nftables 1.0.6: snat with maps
- From: "Mucha Marcin (Sieciuch.com)" <m.mucha@xxxxxxxxxxxx>
- nftables 1.0.6: snat with maps
- From: "Mucha Marcin, Sieciuch.com" <m.mucha@xxxxxxxxxxxx>
- Re: nftables 1.0.6: snat with maps
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables 1.0.6: snat with maps
- From: "Mucha Marcin, Sieciuch.com" <m.mucha@xxxxxxxxxxxx>
- Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
- From: toml <toml@xxxxxxx>
- Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
- From: toml <toml@xxxxxxx>
- I need help about to rewrite some iptables rules
- From: hack3rcon@xxxxxxxxxxxx
- Re: Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: converting iptables/ip6tables to efficient nftables rules
- From: Florian Westphal <fw@xxxxxxxxx>
- Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?
- From: toml <toml@xxxxxxx>
- Re: converting iptables/ip6tables to efficient nftables rules
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- converting iptables/ip6tables to efficient nftables rules
- From: Tim Mooney <Tim.Mooney@xxxxxxxx>
- Re: ct state module issue
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: ct state module issue
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ct state module issue
- From: Alexei Starovoitov <alexei.starovoitov@xxxxxxxxx>
- Re: ct state module issue
- From: Florian Westphal <fw@xxxxxxxxx>
- ct state module issue
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: skb->mark not cleared for MLDv2 Reports? (skb->mark == 212 / 0xd4)
- From: Kuniyuki Iwashima <kuniyu@xxxxxxxxxx>
- Re: nftables 1.0.8 showing invalid type for ip dscp
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables 1.0.8 showing invalid type for ip dscp
- From: Brian Davidson <davidson.brian@xxxxxxxxx>
- skb->mark not cleared for MLDv2 Reports? (skb->mark == 212 / 0xd4)
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
- Re: [ANNOUNCE] libnftnl 1.2.6 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [ANNOUNCE] libnftnl 1.2.6 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] libnftnl 1.2.6 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [ANNOUNCE] nftables 1.0.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Ingress filter issue with pedit
- From: R Keith Beal <r@xxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.6 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Doubt on Iptables protocol extension
- From: Nayan Gadre <beejoy.nayan@xxxxxxxxx>
- pedit "pass" nonfunctional on ingress?
- From: Dave Taht <dave.taht@xxxxxxxxx>
- Re: Processing nftable rules without loading them into the kernel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Processing nftable rules without loading them into the kernel
- From: Eric <evil.function@xxxxxxxxx>
- Processing nftable rules without loading them into the kernel
- From: George Shuklin <george.shuklin@xxxxxxxxx>
- Re: Matching on protocols inside IPv6 IPSec AH (legacy vs nft)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- input rule for "related" UDP traffic
- From: Holzwarth Dominique <Dominique.Holzwarth@xxxxxxxxxxxxxx>
- Re: Best practices on iif usage at persistent ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Best practices on iif usage at persistent ruleset
- From: George Shuklin <george.shuklin@xxxxxxxxx>
- Re: Best practices on iif usage at persistent ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Best practices on iif usage at persistent ruleset
- From: George Shuklin <george.shuklin@xxxxxxxxx>
- Best practices on iif usage at persistent ruleset
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: iptables debian 11 package
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- iptables debian 11 package
- From: Matthew Ellquist <mellqui@xxxxxxxxx>
- Re: NAT to multiple ranges
- From: seentr@xxxxxxxxxxxx
- NAT to multiple ranges
- From: Dmitry <onyx@xxxxxxx>
- Re: Matching on protocols inside IPv6 IPSec AH (legacy vs nft)
- From: Jacek Tomasiak <jtomasiak@xxxxxxxxxx>
- Re: wiki documentation error (derp, false alarm...)
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: wiki documentation error (derp, false alarm...)
- From: Michael Deegan <michael@xxxxxxxxxxxx>
- Re: wiki documentation error
- From: Eric <evil.function@xxxxxxxxx>
- Re: wiki documentation error
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- wiki documentation error
- From: Michael Deegan <michael@xxxxxxxxxxxx>
- Re: Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: "Jason Vas Dias" <jason.vas.dias@xxxxxx>
- Re: Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: Florian Westphal <fw@xxxxxxxxx>
- Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?
- From: "Jason Vas Dias" <jason.vas.dias@xxxxxx>
- Re: ipset hash:net:port:net
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Matching on protocols inside IPv6 IPSec AH (legacy vs nft)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ipset hash:net:port:net
- From: Марк Коренберг <socketpair@xxxxxxxxx>
- Matching on protocols inside IPv6 IPSec AH (legacy vs nft)
- From: Jacek Tomasiak <jtomasiak@xxxxxxxxxx>
- Re: Modify packet without NAT
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Modify packet without NAT
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nft list sets changed behavior
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Modify packet without NAT
- From: public1020 <public1020@xxxxxxxxx>
- Re: nft list sets changed behavior
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft list sets changed behavior
- From: nft.ogxzcrqhuhgchbvxcs4j7wws@xxxxxxxxxxxxxxxxxxxxxx
- Re: nft list sets changed behavior
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Modify packet without NAT
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- nft list sets changed behavior
- From: nft.ogxzcrqhuhgchbvxcs4j7wws@xxxxxxxxxxxxxxxxxxxxxx
- Re: Modify packet without NAT
- From: Serg <seentr@xxxxxxxxxxxx>
- Modify packet without NAT
- From: public1020 <public1020@xxxxxxxxx>
- Rule-based traffic/port mirroring
- From: Sandip Gangakhedkar <sandip.gangakhedkar@xxxxxxxxx>
- Re: IPv4 Evil Bit
- From: Paul Robert Marino <prmarino1@xxxxxxxxx>
- HW Offload to Mellanox ConnectX-5
- From: Wojciech Wrona <w0jtas@xxxxxxxxxx>
- Re: IPv4 Evil Bit
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: IPv4 Evil Bit
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: IPv4 Evil Bit
- From: Marek Küthe <m-k-mailling-list@xxxxxxx>
- Re: IPv4 Evil Bit
- From: Marek Küthe <m-k-mailling-list@xxxxxxx>
- Re: nftables: How to stop further chain traversal after accept verdict
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Resetting the timeout counter for a named set element?
- From: Eric <evil.function@xxxxxxxxx>
- Re: nftables: How to stop further chain traversal after accept verdict
- From: Tushar Shinde <mtk.tushar@xxxxxxxxx>
- Resetting the timeout counter for a named set element?
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: IPv4 Evil Bit
- From: Paul Robert Marino <prmarino1@xxxxxxxxx>
- Re: IPv4 Evil Bit
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nftables: How to stop further chain traversal after accept verdict
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- IPv4 Evil Bit
- From: Marek Küthe <m-k-mailling-list@xxxxxxx>
- Re: nftables: How to stop further chain traversal after accept verdict
- From: Tushar Shinde <mtk.tushar@xxxxxxxxx>
- Re: nftables: How to stop further chain traversal after accept verdict
- From: seentr@xxxxxxxxxxxx
- nftables: How to stop further chain traversal after accept verdict
- From: Tushar Shinde <mtk.tushar@xxxxxxxxx>
- nftables 0.9.8 - unknown rule handle
- From: Daniel <33.368460088@xxxxxxxxxx>
- nftables 0.9.8 - unknown rule handle
- From: Daniel <tech@xxxxxxxxxx>
- nftables mark - tshark show [Frame is marked: False]
- From: Daniel <tech@xxxxxxxxxx>
- Filter access to user process sockets
- From: "Schewe, Jon RTX" <jon.schewe@xxxxxxx>
- Using netfilter to listen on events not working
- From: Igor de Paula <igordptx@xxxxxxxxx>
- [PATCH] netfilter: fix NULL pointer dereference in nf_confirm_cthelper
- From: Tijs Van Buggenhout <tijs.van.buggenhout@xxxxxxxxxxxx>
- Help use parsing to get a promiscuous level
- From: Igor de Paula <igordptx@xxxxxxxxx>
- Help use parsing to get a promiscuous level
- From: Igor de Paula <igordptx@xxxxxxxxx>
- Re: Documentation for nft-sync
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: dst NETMAP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- dst NETMAP
- From: Rob Hutton <justlikeef@xxxxxxxxx>
- Re: Why tproxy to 127.0.0.1:port doesn't make packets go through the input chain with iifname lo?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Why tproxy to 127.0.0.1:port doesn't make packets go through the input chain with iifname lo?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Why tproxy to 127.0.0.1:port doesn't make packets go through the input chain with iifname lo?
- From: Eckl, Máté <ecklm94@xxxxxxxxx>
- Re: How to configure "full cone" NAT using iptables
- Re: How to configure "full cone" NAT using iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: Joshua Moore <j@xxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: Joshua Moore <j@xxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: "Kevin P. Fleming" <lists.netfilter@xxxxxxxxxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: Shane Wang <xwang4396@xxxxxxxxx>
- Re: How to configure "full cone" NAT using iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- How to configure "full cone" NAT using iptables
- From: Shane Wang <xwang4396@xxxxxxxxx>
- Documentation for nft-sync
- From: "Ferenc Takacs - Ancelade.com" <ferenc@xxxxxxxxxxxx>
- Why tproxy to 127.0.0.1:port doesn't make packets go through the input chain with iifname lo?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Understanding the network stack internals for multicast packets if there is both a raw socket and local subscriber for IGMP messages
- From: Martin Tonusoo <martin@xxxxxxxxxxx>
- Nft nat map/set net to net multi time
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- [PATCH 2/2] netfilter: nfnetlink_queue: enable cgroup id socket info retrieval
- From: Patryk Sondej <patryk.sondej@xxxxxxxxx>
- [PATCH 1/2] netfilter: nfnetlink_log: enable cgroup id socket info retrieval
- From: Patryk Sondej <patryk.sondej@xxxxxxxxx>
- [PATCH 0/2] netfilter: nfnetlink_log & nfnetlink_queue: enable cgroup id socket info
- From: Patryk Sondej <patryk.sondej@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: ct state vmap no longer works on 6.3 kernel
- Re: ct state vmap no longer works on 6.3 kernel
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ct state vmap no longer works on 6.3 kernel
- Re: ct state vmap no longer works on 6.3 kernel
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ct state vmap no longer works on 6.3 kernel
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Translating iptables rules with TTL, HL and physdev to nftables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: seentr@xxxxxxxxxxxx
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: seentr@xxxxxxxxxxxx
- Possible to check if ip daddr belongs to an interface in the prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- [Announce] Foomuuri - New firewall software using nftables
- From: "Kim B. Heino" <b@xxxxxxxx>
- How to use connection tracking with Docker?
- From: Wenfay <Wenfay@xxxxxxxxxxxxxx>
- UTF8 for non-breaking space reports junk in nftables [was Re: Rule error using ct helper for TFTP]
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Rule error using ct helper for TFTP
- From: Dario Alcocer <dalcocer@xxxxxxxxxx>
- Re: Change in nft set element add syntax?
- From: Jacob Middag <jacob@xxxxxxxxx>
- Re: iptables 1.4.16.3 on a Zyxel Router: NOTRACK / CT --notrack not available
- From: Bastian Bittorf <bb@xxxxxx>
- iptables 1.4.16.3 on a Zyxel Router: NOTRACK / CT --notrack not available
- From: Johannes Erwerle <jo@xxxxxxxxxxxxx>
- Re: Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Re: Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Re: Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Help/Advice with Ethernet NAT or "hub-mode" bridge
- From: "Gabriel L. Somlo" <gsomlo@xxxxxxxxx>
- Re: Programmatically adding an element into a map using libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Programmatically adding an element into a map using libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically using the C library libnftnl
- From: Florian Westphal <fw@xxxxxxxxx>
- Creating a map programmatically using the C library libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map programmatically with libnftnl
- From: Daniel <tech@xxxxxxxxxx>
- Creating a map programmatically with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Re: nftables: Internal error when checking rules
- From: Eric <evil.function@xxxxxxxxx>
- nftables: Internal error when checking rules
- From: Serg <seentr@xxxxxxxxxxxx>
- Both SNAT MAC and DNAT MAC on packet
- From: Matthew Bellizzi <matthew.bellizzi@xxxxxxxxx>
- Re: rate-limit ssh for both IPv4 and IPv6
- From: Tim Mooney <Tim.Mooney@xxxxxxxx>
- Re: rate-limit ssh for both IPv4 and IPv6
- From: "Kevin P. Fleming" <lists.netfilter@xxxxxxxxxxxxx>
- rate-limit ssh for both IPv4 and IPv6
- From: Tim Mooney <Tim.Mooney@xxxxxxxx>
- [ANNOUNCE] nftables 1.0.7 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] libnftnl 1.2.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Translating iptables rules with TTL, HL and physdev to nftables
- From: gaaimen1997 <gaaimen1997@xxxxxxxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Bug report DNAT destination not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Could somebody please explain priorities correctly and in an understandable way?
- From: Binarus <lists@xxxxxxxxxx>
- Re: Could somebody please explain priorities correctly and in an understandable way?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Could somebody please explain priorities correctly and in an understandable way?
- From: Binarus <lists@xxxxxxxxxx>
- Could somebody please explain priorities correctly and in an understandable way?
- From: Binarus <lists@xxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- DNS answer packet (UDP) can´t catch´d by application
- From: Thomas Grünert <thomas.gruenert@xxxxxxxxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Fourhundred Thecat <400thecat@xxxxxx>
- Re: ipset: update timeout when IP matches
- From: Mathew Heard <mat999@xxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- ipset: update timeout when IP matches
- From: Fourhundred Thecat <400thecat@xxxxxx>
- Re: drop first SYN packet with nftables
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
- Re: IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
- IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
- allow user to offload tc action to net device : Question
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Subject: Flowtables send packets to broadcast MAC address.
- From: Christian Worm Mortensen <opensource@xxxxxxxx>
- drop first SYN packet with nftables
- From: Stewart Nelson <voip@xxxxxxxxx>
- drop first SYN packet with nftables
- From: Stewart Nelson <sn@xxxxxxxxx>
- Ip route flush table X doesn't delete the table?
- From: Varun Tewari <tewari.varun@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Question about ulogd2 and hostname
- From: italia azzura <italiazzura@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- [ANNOUNCE] iptables 1.8.9 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: nftables character limits?
- From: Gio <gioflux@xxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Using sets across ip and netdev tables
- From: Beep Beep <the.beep.projects@xxxxxxxxx>
- [ANNOUNCE] ipset 7.17 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: NFT Flowtable HW Offload
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: NFT Flowtable HW Offload
- From: Eric <evil.function@xxxxxxxxx>
- Re: ipset bug (kernel hang)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- NFT Flowtable HW Offload
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: netfilter flowtable software offload
- From: Andrej Stender <andrej.stender@xxxxxxxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: "ad^2" <adsquaired@xxxxxxxxx>
- Re: bftables and scripts question
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: bftables and scripts question
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: bftables and scripts question
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- bftables and scripts question
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- RE: nftables tutorial for dummies?
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- netfilter flowtable software offload
- From: yves baumes <ybaumes@xxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- ipset bug (kernel hang)
- From: Марк Коренберг <socketpair@xxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables tutorial for dummies?
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.6 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Aaron Fischer <mail@xxxxxxxxxxxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables: origin sport after dstnat
- From: Aaron Fischer <mail@xxxxxxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Dave Osbourne <dave@xxxxxxxxxxxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Brskt <me@xxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Which of these 2 rules will consume more CPU? Please guide.
- From: Amish <anon.amish@xxxxxxxxx>
- [ANNOUNCE] ipset 7.16 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- NAT6 One to One implement in kernel ?
- From: ayaka <ayaka@xxxxxxxxxxx>
- Can Not Send Netlink Messages with Unshare(CLONE_NEWNET)
- From: Hang An <anhang610@xxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: [ANNOUNCE] ulogd 2.0.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] ulogd 2.0.8 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [ANNOUNCE] ulogd 2.0.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- How to add set element with libnftnl?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: How to allow traffic over VPN across namespaces using nftables
- From: Ruben Di Battista <rubendibattista@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Re: Updating set elements from command line
- From: Eric <evil.function@xxxxxxxxx>
- Re: Updating set elements from command line
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Updating set elements from command line
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Updating set elements from command line
- From: Eric <evil.function@xxxxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- [ANNOUNCE] conntrack-tools 1.4.7 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Bug Report Flowtable NFT with kernel 5.19.9
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Change in nft set element add syntax?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- [doc?] nftables; symbolic variable definition only allows suffixed comments
- From: grin <grin@xxxxxxx>
- Re: how to use meters?
- From: Kamil Jońca <kjonca@xxxxx>
- Re: how to use meters?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- how to use meters?
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Fwd: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Raw payload matching beyond 2040 bits
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: List chain during attack high CPU usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Segmentation fault when starting conntrackd
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Segmentation fault when starting conntrackd
- From: "Viton, Pedro (Nokia - ES/Madrid)" <pedro.viton@xxxxxxxxx>
- conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: List chain during attack high CPU usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: "Vink, Ronald" <ronald.vink@xxxxxxxxxxxx>
- [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- List chain during attack high CPU usage
- From: Brskt <contact@xxxxxxxx>
- egress hook
- From: Lynx de Cat <lynx.light0@xxxxxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: John Haxby <john.haxby@xxxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Raw payload matching beyond 2040 bits
- From: Florian Westphal <fw@xxxxxxxxx>
- Raw payload matching beyond 2040 bits
- From: Julien Moutinho <julm+netfilter@xxxxxxxxxxxxxx>
- Re: Packets lost in netfilter & Altering outgoing packet's mac address
- From: Florian Westphal <fw@xxxxxxxxx>
- Packets lost in netfilter & Altering outgoing packet's mac address
- From: Ludvig Sandh <givdul11@xxxxxxxxxx>
- Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Running nft --check as non-root
- From: Peter Hoeg <peter@xxxxxxxx>
- Re: Running nft --check as non-root
- From: Florian Westphal <fw@xxxxxxxxx>
- Running nft --check as non-root
- From: Peter Hoeg <peter@xxxxxxxx>
- [ANNOUNCE] nftables 1.0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Requirements for nft nat pre/postrouting chains?
- From: Dominique MARTINET <dominique.martinet@xxxxxxxxxxxxxxxxx>
- Requirements for nft nat pre/postrouting chains?
- From: Dominique MARTINET <dominique.martinet@xxxxxxxxxxxxxxxxx>
- Select a wrong source address on ipv4 masquerade
- From: Hiroaki Mizuguchi <mhiroaki@xxxxxxxxx>
- Re: REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- Re: REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- Re: nf_queue flush on deletion
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Bug in the wiki
- From: "B. Ohnsorg" <b.ohnsorg@xxxxxxxxxx>
- Re: CONNMARK rules
- From: Richard Lucassen <mailinglists@xxxxxx>
- Re: CONNMARK rules
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- CONNMARK rules
- From: Richard Lucassen <mailinglists@xxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- limit usage
- From: Ignacio Freyre <nachofw@xxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Kiernan George <kbg98@xxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ABI Breakage - nftnl_rule_parse_attr_cb
- From: Kiernan George <kbg98@xxxxxx>
- Re: Create Rule w/ Source IP Example
- From: Florian Westphal <fw@xxxxxxxxx>
- Create Rule w/ Source IP Example
- From: Kiernan George <kbg98@xxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Gmail Support <testingforadept@xxxxxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Florian Westphal <fw@xxxxxxxxx>
- iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Amish <anon.amish@xxxxxxxxx>
- Routing table does not assign correct output IP address after nftables "chain" chain
- From: Tito Sacchi <tito@xxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Bridge table: binding the rules to specific instances of the bridge
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Support for String Match Blocking in NFTables
- From: Gmail Support <testingforadept@xxxxxxxxx>
- nf_queue flush on deletion
- From: Jordan Griege <jgriege@xxxxxxxxxxxxxx>
- extra chains for nftrace
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Joshua Moore <j@xxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Chris Hall <netfilter@xxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Benny Lyne Amorsen <benny+usenet@xxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Matt <lists@xxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Chris Hall <netfilter@xxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Gio <gioflux@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Validating this is the right conntrack ruleset
- From: Gio <gioflux@xxxxxxxxx>
- Re: mixed address family sets and rules in nft
- From: "Alov, Igor" <alov.igor@xxxxxxxxx>
- Re: mixed address family sets and rules in nft
- From: Kamil Jońca <kjonca@xxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- mixed address family sets and rules in nft
- From: Marc Haber <mh+netfilter@xxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: IPTables ISP Open Port Notices
- From: Alex Buie <alex.buie@xxxxxxxxx>
- libnftables JSON output does not show comment attribute for counter
- From: Sandro <lists@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Alex Buie <alex.buie@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Alex Buie <alex.buie@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: IPTables ISP Open Port Notices
- From: Dave Osbourne <dave@xxxxxxxxxxxxxxxxxx>
- IPTables ISP Open Port Notices
- From: Robert Steinmetz <rob@xxxxxxxxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: exclude named sets
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
- Re: traffic shaping with tc and nft
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: traffic shaping with tc and nft
- From: Kamil Jońca <kjonca@xxxxx>
- traffic shaping with tc and nft
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- Re: exclude named sets
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: exclude named sets
- From: Kamil Jońca <kjonca@xxxxx>
- Re: exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- Re: exclude named sets
- From: Kamil Jońca <kjonca@xxxxx>
- exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- set of sets
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nftables: priority handling for changes on the same table
- From: Kamil Jońca <kjonca@xxxxx>
- nftables: priority handling for changes on the same table
- From: Florian Eckert <fe@xxxxxxxxxx>
- Re: "nft --check" not warning about missing statement in rule
- From: Florian Westphal <fw@xxxxxxxxx>
- "nft --check" not warning about missing statement in rule
- From: Alexander Helmer <a.helmer@xxxxxxxxxxxx>
- it is possible to use link group or vrf to make a netdev hook?
- From: "Alov, Igor" <alov.igor@xxxxxxxxx>
- [ANNOUNCE] iptables 1.8.8 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- target and match expression "info" payload decoding in nftables expressions in netlink messages
- From: Harald Albrecht <Harald.Albrecht@xxxxxxx>
- Re: Question about "masquerade"
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: Question about "masquerade"
- From: Florian Westphal <fw@xxxxxxxxx>
- Question about "masquerade"
- From: Kamil Jońca <kjonca@xxxxx>
- Multiple protocols in conntrack tool filtering
- From: Olivier <oza.4h07@xxxxxxxxx>
- [ANNOUNCE] libnetfilter_cttimeout 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- [ANNOUNCE] libnetfilter_cthelper 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: cannot allow outbound ping traffic
- From: Linux Scoop <linuxscoop@xxxxxxxxx>
- Re: cannot allow outbound ping traffic
- From: Paulo Ricardo Bruck <pauloric@xxxxxxxxxxxxxxxx>
- cannot allow outbound ping traffic
- From: Linux Scoop <linuxscoop@xxxxxxxxx>
- Re: Conditional inclusion of parts of nft file?
- From: Jesper Dybdal <netfilter@xxxxxxxxx>
- Number of rules?
- From: <paul.guijt@xxxxxxxxx>
- Re: nft add element .. too many fiules opened
- From: Florian Westphal <fw@xxxxxxxxx>
- nft add element .. too many fiules opened
- From: Peter Hudec <peter@xxxxxxxxxxxxxxxx>
- Conditional inclusion of parts of nft file?
- From: Jesper Dybdal <netfilter@xxxxxxxxx>
- Re: using sets as snat targets in nat tables
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: using sets as snat targets in nat tables
- From: Kamil Jońca <kjonca@xxxxx>
- using sets as snat targets in nat tables
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- NFTABLES - BRIDGE TRANSPARENT FIREWALL
- From: Computer Planet <amministrazione@xxxxxxxxxxxxxxx>
- Re: nftables snat map with ports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- RE: nft JSON rule output order
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- Re: nft JSON rule output order
- From: Kamil Jońca <kjonca@xxxxx>
- nftwatch bug fixes
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- nft JSON rule output order
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- Re: Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Proper way to ipsec filtering
- From: Florian Westphal <fw@xxxxxxxxx>
- New tool to watch nftables counters - nftwatch
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Proper way to use counters for a specific child chain
- From: Gio <gioflux@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Dropping L2 PTP packets using nftables
- From: Joseph Richard <joseph.richard@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Fw: nftables portknocking
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- [ANNOUNCE] libnfnetlink 1.0.2 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Redirect rule directly dropping packet
- From: "Boyd, Patrick" <Patrick.Boyd@xxxxxxxx>
- [ANNOUNCE] libmnl 1.0.5 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Aw: Fw: nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: json_cmd not working as intended
- From: Léo El Amri <leo@xxxxxxxxxxx>
- Misleading include documentation
- From: Michaël PAULON <michael@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- json_cmd not working as intended
- From: Francisco Albani <francisco.albani@xxxxxxxxxxxxxx>
- nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Port pool of CentOS machine
- From: Ameen Al-Azzawi <ameen.azzawi@xxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: nftables + docker
- From: Jarno Pelkonen <jarno.pelkonen@xxxxxxxxx>
- nftables + docker
- From: Matthew Ellquist <mellqui@xxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- UDP IPVS: Incorrect conntrack entry in reply tuple
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- [ANNOUNCE] libnetfilter_conntrack 1.0.9 release
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Want to match on a value from a map lookup
- From: Kyle Rose <krose@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]
