Linux TCP/IP Netfilter
[Prev Page][Next Page]
- Re: ipset: update timeout when IP matches
- From: Mathew Heard <mat999@xxxxxxxxx>
- Re: ipset: update timeout when IP matches
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- ipset: update timeout when IP matches
- From: Fourhundred Thecat <400thecat@xxxxxx>
- Re: drop first SYN packet with nftables
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
- Re: IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
- IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set
- From: Abhijeet Rastogi <abhijeet.1989@xxxxxxxxx>
- allow user to offload tc action to net device : Question
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Subject: Flowtables send packets to broadcast MAC address.
- From: Christian Worm Mortensen <opensource@xxxxxxxx>
- drop first SYN packet with nftables
- From: Stewart Nelson <voip@xxxxxxxxx>
- drop first SYN packet with nftables
- From: Stewart Nelson <sn@xxxxxxxxx>
- Ip route flush table X doesn't delete the table?
- From: Varun Tewari <tewari.varun@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Question about ulogd2 and hostname
- From: italia azzura <italiazzura@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Eric <evil.function@xxxxxxxxx>
- nft -f fails with netlink: Error: Could not process rule: Message too long
- From: Gio <gioflux@xxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- [ANNOUNCE] iptables 1.8.9 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: nftables character limits?
- From: Gio <gioflux@xxxxxxxxx>
- Re: [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- [nft] src: allow for updating devices on existing netdev chain - Test result
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Using sets across ip and netdev tables
- From: Beep Beep <the.beep.projects@xxxxxxxxx>
- [ANNOUNCE] ipset 7.17 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: NFT Flowtable HW Offload
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: NFT Flowtable HW Offload
- From: Eric <evil.function@xxxxxxxxx>
- Re: ipset bug (kernel hang)
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- NFT Flowtable HW Offload
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: netfilter flowtable software offload
- From: Andrej Stender <andrej.stender@xxxxxxxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: "ad^2" <adsquaired@xxxxxxxxx>
- Re: bftables and scripts question
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: bftables and scripts question
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: bftables and scripts question
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- bftables and scripts question
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- RE: nftables tutorial for dummies?
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- netfilter flowtable software offload
- From: yves baumes <ybaumes@xxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- ipset bug (kernel hang)
- From: Марк Коренберг <socketpair@xxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables tutorial for dummies?
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.6 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- nftables tutorial for dummies?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nf_conntrack_helper replacement?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- nf_conntrack_helper replacement?
- From: ToddAndMargo <ToddAndMargo@xxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Aaron Fischer <mail@xxxxxxxxxxxxxxxxx>
- Re: nftables: origin sport after dstnat
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables: origin sport after dstnat
- From: Aaron Fischer <mail@xxxxxxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Dave Osbourne <dave@xxxxxxxxxxxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Brskt <me@xxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Which of these 2 rules will consume more CPU? Please guide.
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Which of these 2 rules will consume more CPU? Please guide.
- From: Amish <anon.amish@xxxxxxxxx>
- [ANNOUNCE] ipset 7.16 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- NAT6 One to One implement in kernel ?
- From: ayaka <ayaka@xxxxxxxxxxx>
- Can Not Send Netlink Messages with Unshare(CLONE_NEWNET)
- From: Hang An <anhang610@xxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables and IPv6 prefix delegation (regression vs ip6tables)
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: [ANNOUNCE] ulogd 2.0.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] ulogd 2.0.8 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [ANNOUNCE] ulogd 2.0.8 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- How to add set element with libnftnl?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: How to allow traffic over VPN across namespaces using nftables
- From: Ruben Di Battista <rubendibattista@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Re: Updating set elements from command line
- From: Eric <evil.function@xxxxxxxxx>
- Re: Updating set elements from command line
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Updating set elements from command line
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Updating set elements from command line
- From: Eric <evil.function@xxxxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- Re: Reliably flushing individual tables in nftables
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Reliably flushing individual tables in nftables
- From: "Kevin P. Fleming" <kevin@xxxxxxx>
- [ANNOUNCE] conntrack-tools 1.4.7 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Kernel 6.0.0 bug pptp not work
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Re: Rule does not work. This is configuration error or bug?
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Rule does not work. This is configuration error or bug?
- From: Bruno Meirelles <bmeirelles@xxxxxxxxx>
- Bug Report Flowtable NFT with kernel 5.19.9
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Change in nft set element add syntax?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- Re: BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Florian Westphal <fw@xxxxxxxxx>
- BUG: soft lockup on kernel 5.19.9 when attempting FTP connections
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- [doc?] nftables; symbolic variable definition only allows suffixed comments
- From: grin <grin@xxxxxxx>
- Re: how to use meters?
- From: Kamil Jońca <kjonca@xxxxx>
- Re: how to use meters?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- how to use meters?
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: Fwd: proper ICMPv6 syntax for specific daddr
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Fwd: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Raw payload matching beyond 2040 bits
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: List chain during attack high CPU usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Segmentation fault when starting conntrackd
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: proper ICMPv6 syntax for specific daddr
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- proper ICMPv6 syntax for specific daddr
- From: Tom <tom@xxxxxxxxxxx>
- Segmentation fault when starting conntrackd
- From: "Viton, Pedro (Nokia - ES/Madrid)" <pedro.viton@xxxxxxxxx>
- conntrackd "issue" in asymmetric scenario with TCP vs ICMP
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: List chain during attack high CPU usage
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: "Vink, Ronald" <ronald.vink@xxxxxxxxxxxx>
- [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- List chain during attack high CPU usage
- From: Brskt <contact@xxxxxxxx>
- egress hook
- From: Lynx de Cat <lynx.light0@xxxxxxxxx>
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0
- From: John Haxby <john.haxby@xxxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Raw payload matching beyond 2040 bits
- From: Florian Westphal <fw@xxxxxxxxx>
- Raw payload matching beyond 2040 bits
- From: Julien Moutinho <julm+netfilter@xxxxxxxxxxxxxx>
- Re: Packets lost in netfilter & Altering outgoing packet's mac address
- From: Florian Westphal <fw@xxxxxxxxx>
- Packets lost in netfilter & Altering outgoing packet's mac address
- From: Ludvig Sandh <givdul11@xxxxxxxxxx>
- Optimization works only on specific syntax? (was [ANNOUNCE] nftables 1.0.5 release)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Running nft --check as non-root
- From: Peter Hoeg <peter@xxxxxxxx>
- Re: Running nft --check as non-root
- From: Florian Westphal <fw@xxxxxxxxx>
- Running nft --check as non-root
- From: Peter Hoeg <peter@xxxxxxxx>
- [ANNOUNCE] nftables 1.0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Requirements for nft nat pre/postrouting chains?
- From: Dominique MARTINET <dominique.martinet@xxxxxxxxxxxxxxxxx>
- Requirements for nft nat pre/postrouting chains?
- From: Dominique MARTINET <dominique.martinet@xxxxxxxxxxxxxxxxx>
- Select a wrong source address on ipv4 masquerade
- From: Hiroaki Mizuguchi <mhiroaki@xxxxxxxxx>
- Re: REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- Re: REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- REDIRECTing many ports to one leads to 4-tuple conflicts
- From: John Howard <howardjohn@xxxxxxxxxx>
- Re: nf_queue flush on deletion
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Bug in the wiki
- From: "B. Ohnsorg" <b.ohnsorg@xxxxxxxxxx>
- Re: CONNMARK rules
- From: Richard Lucassen <mailinglists@xxxxxx>
- Re: CONNMARK rules
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- CONNMARK rules
- From: Richard Lucassen <mailinglists@xxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Bug in the wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Bug in the wiki
- From: Nuno Gonçalves <nunojpg@xxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Creating a map with libnftnl
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Creating a map with libnftnl
- From: Kiernan George <kbg98@xxxxxx>
- limit usage
- From: Ignacio Freyre <nachofw@xxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Kiernan George <kbg98@xxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ABI Breakage - nftnl_rule_parse_attr_cb
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ABI Breakage - nftnl_rule_parse_attr_cb
- From: Kiernan George <kbg98@xxxxxx>
- Re: Create Rule w/ Source IP Example
- From: Florian Westphal <fw@xxxxxxxxx>
- Create Rule w/ Source IP Example
- From: Kiernan George <kbg98@xxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Gmail Support <testingforadept@xxxxxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Florian Westphal <fw@xxxxxxxxx>
- iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script
- From: Amish <anon.amish@xxxxxxxxx>
- Routing table does not assign correct output IP address after nftables "chain" chain
- From: Tito Sacchi <tito@xxxxxxxxxx>
- Re: Support for String Match Blocking in NFTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Bridge table: binding the rules to specific instances of the bridge
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Support for String Match Blocking in NFTables
- From: Gmail Support <testingforadept@xxxxxxxxx>
- nf_queue flush on deletion
- From: Jordan Griege <jgriege@xxxxxxxxxxxxxx>
- extra chains for nftrace
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Joshua Moore <j@xxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Chris Hall <netfilter@xxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- Re: IP DNAT on bridged packets destined to local process
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Benny Lyne Amorsen <benny+usenet@xxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Matt <lists@xxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Chris Hall <netfilter@xxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Gio <gioflux@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- IP DNAT on bridged packets destined to local process
- From: Shirisha Dasari <shirishadasari@xxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Validating this is the right conntrack ruleset
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Validating this is the right conntrack ruleset
- From: Gio <gioflux@xxxxxxxxx>
- Re: mixed address family sets and rules in nft
- From: "Alov, Igor" <alov.igor@xxxxxxxxx>
- Re: mixed address family sets and rules in nft
- From: Kamil Jońca <kjonca@xxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- mixed address family sets and rules in nft
- From: Marc Haber <mh+netfilter@xxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: IPTables ISP Open Port Notices
- From: Alex Buie <alex.buie@xxxxxxxxx>
- libnftables JSON output does not show comment attribute for counter
- From: Sandro <lists@xxxxxxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Alex Buie <alex.buie@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Alex Buie <alex.buie@xxxxxxxxx>
- RE: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: Possibly dangerous interpretation of address/prefix pair in -s option
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Possibly dangerous interpretation of address/prefix pair in -s option
- From: Stefan Riha <stefan@xxxxxxxxx>
- Re: IPTables ISP Open Port Notices
- From: Dave Osbourne <dave@xxxxxxxxxxxxxxxxxx>
- IPTables ISP Open Port Notices
- From: Robert Steinmetz <rob@xxxxxxxxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: exclude named sets
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
- Re: traffic shaping with tc and nft
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: traffic shaping with tc and nft
- From: Kamil Jońca <kjonca@xxxxx>
- traffic shaping with tc and nft
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- Re: exclude named sets
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: exclude named sets
- From: Kamil Jońca <kjonca@xxxxx>
- Re: exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- Re: exclude named sets
- From: Kamil Jońca <kjonca@xxxxx>
- exclude named sets
- From: Andrew Clark <andrewclarkii@xxxxxxxxx>
- set of sets
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nftables: priority handling for changes on the same table
- From: Kamil Jońca <kjonca@xxxxx>
- nftables: priority handling for changes on the same table
- From: Florian Eckert <fe@xxxxxxxxxx>
- Re: "nft --check" not warning about missing statement in rule
- From: Florian Westphal <fw@xxxxxxxxx>
- "nft --check" not warning about missing statement in rule
- From: Alexander Helmer <a.helmer@xxxxxxxxxxxx>
- it is possible to use link group or vrf to make a netdev hook?
- From: "Alov, Igor" <alov.igor@xxxxxxxxx>
- [ANNOUNCE] iptables 1.8.8 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- target and match expression "info" payload decoding in nftables expressions in netlink messages
- From: Harald Albrecht <Harald.Albrecht@xxxxxxx>
- Re: Question about "masquerade"
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: Question about "masquerade"
- From: Florian Westphal <fw@xxxxxxxxx>
- Question about "masquerade"
- From: Kamil Jońca <kjonca@xxxxx>
- Multiple protocols in conntrack tool filtering
- From: Olivier <oza.4h07@xxxxxxxxx>
- [ANNOUNCE] libnetfilter_cttimeout 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- [ANNOUNCE] libnetfilter_cthelper 1.0.1 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: cannot allow outbound ping traffic
- From: Linux Scoop <linuxscoop@xxxxxxxxx>
- Re: cannot allow outbound ping traffic
- From: Paulo Ricardo Bruck <pauloric@xxxxxxxxxxxxxxxx>
- cannot allow outbound ping traffic
- From: Linux Scoop <linuxscoop@xxxxxxxxx>
- Re: Conditional inclusion of parts of nft file?
- From: Jesper Dybdal <netfilter@xxxxxxxxx>
- Number of rules?
- From: <paul.guijt@xxxxxxxxx>
- Re: nft add element .. too many fiules opened
- From: Florian Westphal <fw@xxxxxxxxx>
- nft add element .. too many fiules opened
- From: Peter Hudec <peter@xxxxxxxxxxxxxxxx>
- Conditional inclusion of parts of nft file?
- From: Jesper Dybdal <netfilter@xxxxxxxxx>
- Re: using sets as snat targets in nat tables
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- Re: using sets as snat targets in nat tables
- From: Kamil Jońca <kjonca@xxxxx>
- using sets as snat targets in nat tables
- From: Maximiliano Estudies <maxiestudies@xxxxxxxxx>
- NFTABLES - BRIDGE TRANSPARENT FIREWALL
- From: Computer Planet <amministrazione@xxxxxxxxxxxxxxx>
- Re: nftables snat map with ports
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- RE: nft JSON rule output order
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- Re: nft JSON rule output order
- From: Kamil Jońca <kjonca@xxxxx>
- nftwatch bug fixes
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- nft JSON rule output order
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- Re: Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Proper way to ipsec filtering
- From: Florian Westphal <fw@xxxxxxxxx>
- New tool to watch nftables counters - nftwatch
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Proper way to use counters for a specific child chain
- From: Gio <gioflux@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Dropping L2 PTP packets using nftables
- From: Joseph Richard <joseph.richard@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Fw: nftables portknocking
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- [ANNOUNCE] libnfnetlink 1.0.2 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Redirect rule directly dropping packet
- From: "Boyd, Patrick" <Patrick.Boyd@xxxxxxxx>
- [ANNOUNCE] libmnl 1.0.5 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Aw: Fw: nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: json_cmd not working as intended
- From: Léo El Amri <leo@xxxxxxxxxxx>
- Misleading include documentation
- From: Michaël PAULON <michael@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- json_cmd not working as intended
- From: Francisco Albani <francisco.albani@xxxxxxxxxxxxxx>
- nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Port pool of CentOS machine
- From: Ameen Al-Azzawi <ameen.azzawi@xxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: nftables + docker
- From: Jarno Pelkonen <jarno.pelkonen@xxxxxxxxx>
- nftables + docker
- From: Matthew Ellquist <mellqui@xxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- UDP IPVS: Incorrect conntrack entry in reply tuple
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- [ANNOUNCE] libnetfilter_conntrack 1.0.9 release
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Want to match on a value from a map lookup
- From: Kyle Rose <krose@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Directing some containers into a lower priority interface
- From: Daniel Gray <dngray@xxxxxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- [ANNOUNCE] Settlement with Patrick McHardy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- how to SNAT GRE tunneling?
- From: G7fya GoQ8 <falazemi@xxxxxxxxx>
- nftables: Using ip6 dscp in maps
- From: Brian Davidson <davidson.brian@xxxxxxxxx>
- Re: How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Jerome Barotin <jbn@xxxxxx>
- Re: How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Florian Westphal <fw@xxxxxxxxx>
- How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Jerome Barotin <jbn@xxxxxx>
- RE: Query on CLOSED conntrack entry for sctp
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: Stefano Brivio <sbrivio@xxxxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- How to log NAT connections with nftables ?
- From: Olivier <oza.4h07@xxxxxxxxx>
- nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: What is the GPRINT output plugin for?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Consolidating rules
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: Broken link
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Broken link
- From: yves baumes <ybaumes@xxxxxxxxx>
- Consolidating rules
- From: yves baumes <ybaumes@xxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- nftables character limits?
- From: Gio <gioflux@xxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- RE: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- RE: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Query on CLOSED conntrack entry for sctp
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- packet drops after nft migration
- From: Stanisław Czech <s.czech@xxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Matching metainformation cgroup fails on input, works on output.
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Daniel <tech@xxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- netfilter and virtual machines
- From: Ross Boylan <rossboylan@xxxxxxxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Eric Garver <eric@xxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Daniel <tech@xxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Meaning of "." (dot) in netfilter
- From: Ross Boylan <rossboylan@xxxxxxxxxxxxxxxxxx>
- AW: Recovery of packet size
- From: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
- Recovery of packet size
- From: Michael Dickensheets <michael.dickensheets@xxxxxxxxx>
- What is the GPRINT output plugin for?
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: conntrackd syncing specific ct zones
- From: Tobias Urdin <tobias.urdin@xxxxxxxxxx>
- Re: bridge-nf-filter-pppoe-tagged not working as expected
- From: Amish Chana <amish@xxxxxxxx>
- Re: Both { tcp, udp} in meta vmap
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Re: Both { tcp, udp} in meta vmap
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Both { tcp, udp} in meta vmap
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnetfilter_log 1.0.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: bridge-nf-filter-pppoe-tagged not working as expected
- From: Florian Westphal <fw@xxxxxxxxx>
- bridge-nf-filter-pppoe-tagged not working as expected
- From: Amish Chana <amish@xxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: serando <serando@xxxxxxxxxx>
- Re: learning to understand iptables
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- learning to understand iptables
- From: serando <serando@xxxxxxxxxx>
- Re: Improvements to the Home Router Wiki page
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: reporting a bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft named set address types
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- reporting a bug?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Improvements to the Home Router Wiki page
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- RE: Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Marc <Marc@xxxxxxxxxxxxxxxxx>
- Re: how to mark a prerouting package so it will go through my ip route rule
- From: Jelle de Jong <jelledejong@xxxxxxxxxxxxx>
- how to mark a prerouting package so it will go through my ip route rule
- From: Jelle de Jong <jelledejong@xxxxxxxxxxxxx>
- Improvements to the Home Router Wiki page
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- Re: Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>
- Getting systemd-nspawn to work with my ruleset
- From: Kevin P <petrilli.kevin@xxxxxxxxx>
- Re: nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft list empty
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- Re: nft list empty
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- capwap protocol nested header
- Re: Need help
- From: Daniel <tech@xxxxxxxxxx>
- Need help
- From: Brad Knorr <bradley@xxxxxxxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Flowtable hardware offload
- From: iphone4004@xxxxxxxxxxxx
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Fwd: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: Deleting rules question
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Deleting rules question
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- packet reassembling and fragmentation
- From: VELARTIS Philipp Dürhammer <p.duerhammer@xxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Netfilter flow schematic: routing decision and output hook question
- From: Andrew Bate <mail@xxxxxxxxxxxxxx>
- Re: Invalidate conntrack using iptables rule
- From: halfdog <me@xxxxxxxxxxx>
- Re: How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: broken page
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- broken page
- From: Paulo Ricardo Bruck <paulobruck1@xxxxxxxxx>
- How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Shivam Sandbhor <shivam@xxxxxxxxxxxx>
- How to load-balance tcp flows to internal dummy interfaces for parallel traffic capture?
- From: Simon Mullis <simon@xxxxxxxxxxxx>
- RE: netfilter 10,000' overview
- From: "Jeff" <jnewman67@xxxxxxx>
- Re: netfilter 10,000' overview
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: netfilter 10,000' overview
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: testing if a named set exists?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- testing if a named set exists?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- netfilter 10,000' overview
- From: "Jeff" <jnewman67@xxxxxxx>
- Hashlimit without meters in nftables?
- From: Mike Lee <curby@xxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: integers byte order in netlink/NETLINK_NETFILTER messages
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: base chains with same hook, same priority
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- invalid type
- From: Paulo Ricardo Bruck <paulobruck1@xxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- Re: Fwd: nftables and connection tracking
- From: Daniel <tech@xxxxxxxxxx>
- Fwd: nftables and connection tracking
- From: Marek Greško <mgresko8@xxxxxxxxx>
- Aw: Re: nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Eric Garver <eric@xxxxxxxxxxx>
- nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] conntrackd: cache: fix zone entry uniqueness in external cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: integers byte order in netlink/NETLINK_NETFILTER messages
- From: Florian Westphal <fw@xxxxxxxxx>
- integers byte order in netlink/NETLINK_NETFILTER messages
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: list vmap counter errot
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- Re: base chains with same hook, same priority
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- base chains with same hook, same priority
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- wiki.nftables.org down?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Haproxy's "send-proxy-v2" doesn’t work when conntrack is disabled
- From: Florian Westphal <fw@xxxxxxxxx>
- Haproxy's "send-proxy-v2" doesn’t work when conntrack is disabled
- From: InterNetX - Marc Reymann <marc.reymann@xxxxxxxxxxxxx>
- nft set type list
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- conntrackd syncing specific ct zones
- From: Tobias Urdin <tobias.urdin@xxxxxxxxxx>
- Upgrading from kernel 5.12.19 to 5.13.13 made "ct state invalid" match IPv6 link-local addresses in tunnels
- From: Marcel Menzel <mail@xxxxxx>
- Re: Cannot reference sets in later rules until next nft run
- From: martin f krafft <madduck@xxxxxxxxxxx>
- Re: Cannot reference sets in later rules until next nft run
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Cannot reference sets in later rules until next nft run
- From: martin f krafft <madduck@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Niko Kortström <niko.kortstrom@xxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Niko Kortström <niko.kortstrom@xxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Fwd: IP daddr filtering not working for non-routable address
- From: Niko Kortström <niko.kortstrom@xxxxxxxxx>
- Re: nft tool slow down due to large ipv4 addresses sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Invalidate conntrack using iptables rule
- From: halfdog <me@xxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Mathew Heard <mat999@xxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- How to disable network access for certain applications via nftables?
- From: Sheran <specify@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: [ANNOUNCE] nftables 1.0.0 release
- From: Amish <anon.amish@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.0 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: nftables support for cgroup v2 filtering by path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables support for cgroup v2 filtering by path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Florian Westphal <fw@xxxxxxxxx>
- conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- AW: NAT - how external source port is selected
- From: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- nft tool slow down due to large ipv4 addresses sets
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables support for cgroup v2 filtering by path
- From: Mathieu Ruellan <mathieu.ruellan@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] conntrackd: cache: fix zone entry uniqueness in external cache
- From: Adam Casella <ihateprod@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- nfnetlink_queue -- why linear lookup ?
- From: <alexandre.ferrieux@xxxxxxxxxx>
- Re: nftables - quota isn't working?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables - quota isn't working?
- From: pauloric@xxxxxxxxxxxxxxxx
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]