Linux TCP/IP Netfilter
[Prev Page][Next Page]
- nft JSON rule output order
- From: "Atkins, Brian" <Brian.Atkins@xxxxxxxxxx>
- Re: Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Re: Proper way to ipsec filtering
- From: Florian Westphal <fw@xxxxxxxxx>
- New tool to watch nftables counters - nftwatch
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Proper way to ipsec filtering
- From: Kamil Jońca <kjonca@xxxxx>
- Proper way to use counters for a specific child chain
- From: Gio <gioflux@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: ebtables complains about the speeding up example
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ebtables complains about the speeding up example
- From: Cédric Martínez Campos <cedricmartinezcampos@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error when using 'time' statement in nftables 1.0.2 rule
- From: Jeremy Sowden <jeremy@xxxxxxxxxx>
- Error when using 'time' statement in nftables 1.0.2 rule
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Dropping L2 PTP packets using nftables
- From: Joseph Richard <joseph.richard@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: Fw: nftables portknocking
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- [ANNOUNCE] libnfnetlink 1.0.2 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Redirect rule directly dropping packet
- From: "Boyd, Patrick" <Patrick.Boyd@xxxxxxxx>
- [ANNOUNCE] libmnl 1.0.5 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- Re: SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Aw: Fw: nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- SNAT not translating all iperf3 packets
- From: dynexbeats <dynexbeats@xxxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: json_cmd not working as intended
- From: Léo El Amri <leo@xxxxxxxxxxx>
- Misleading include documentation
- From: Michaël PAULON <michael@xxxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- Re: bug report and future request
- From: Florian Westphal <fw@xxxxxxxxx>
- bug report and future request
- From: Martin Zaharinov <micron10@xxxxxxxxx>
- json_cmd not working as intended
- From: Francisco Albani <francisco.albani@xxxxxxxxxxxxxx>
- nftables portknocking
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Re: NAT translation problem - leakage of packets with original source address
- From: Florian Westphal <fw@xxxxxxxxx>
- NAT translation problem - leakage of packets with original source address
- From: Marcin Kabiesz <marcin.kabiesz@xxxxxxxxxxxx>
- Port pool of CentOS machine
- From: Ameen Al-Azzawi <ameen.azzawi@xxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- IP SNAT in a bridge
- From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
- Re: nftables + docker
- From: Jarno Pelkonen <jarno.pelkonen@xxxxxxxxx>
- nftables + docker
- From: Matthew Ellquist <mellqui@xxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [ANNOUNCE] nftables 1.0.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- UDP IPVS: Incorrect conntrack entry in reply tuple
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- [ANNOUNCE] libnetfilter_conntrack 1.0.9 release
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Want to match on a value from a map lookup
- From: Kyle Rose <krose@xxxxxxxxx>
- Re: Named sets/maps and atomic reload of the ruleset
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Named sets/maps and atomic reload of the ruleset
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] landlock network implementation cover letter
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Directing some containers into a lower priority interface
- From: Daniel Gray <dngray@xxxxxxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- [ANNOUNCE] Settlement with Patrick McHardy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [RFC PATCH 2/2] landlock: selftests for bind and connect hooks
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [RFC PATCH 1/2] landlock: TCP network hooks implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- [RFC PATCH 0/2] landlock network implementation cover letter
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- how to SNAT GRE tunneling?
- From: G7fya GoQ8 <falazemi@xxxxxxxxx>
- nftables: Using ip6 dscp in maps
- From: Brian Davidson <davidson.brian@xxxxxxxxx>
- Re: How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Jerome Barotin <jbn@xxxxxx>
- Re: How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Florian Westphal <fw@xxxxxxxxx>
- How to understand causes of invalid state for an OUPUT SYNACK packet
- From: Jerome Barotin <jbn@xxxxxx>
- RE: Query on CLOSED conntrack entry for sctp
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: Stefano Brivio <sbrivio@xxxxxxxxxx>
- Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- How to log NAT connections with nftables ?
- From: Olivier <oza.4h07@xxxxxxxxx>
- nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: What is the GPRINT output plugin for?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Consolidating rules
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: Broken link
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables stateless NAT in raw table mangles fragmented UDP packets
- From: Steffen Weinreich <steve@xxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Broken link
- From: yves baumes <ybaumes@xxxxxxxxx>
- Consolidating rules
- From: yves baumes <ybaumes@xxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/1] Landlock network PoC
- From: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
- [RFC PATCH 0/1] Landlock network PoC
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- nftables character limits?
- From: Gio <gioflux@xxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- RE: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- RE: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Konstantin Meskhidze <konstantin.meskhidze@xxxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Willem de Bruijn <willemdebruijn.kernel@xxxxxxxxx>
- Re: [RFC PATCH 0/2] Landlock network PoC implementation
- From: Mickaël Salaün <mic@xxxxxxxxxxx>
- Query on CLOSED conntrack entry for sctp
- From: Vivek Thrivikraman <vivek.thrivikraman@xxxxxxxx>
- packet drops after nft migration
- From: Stanisław Czech <s.czech@xxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: Matching metainformation cgroup fails on input, works on output.
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Matching metainformation cgroup fails on input, works on output.
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Daniel <tech@xxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- netfilter and virtual machines
- From: Ross Boylan <rossboylan@xxxxxxxxxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Eric Garver <eric@xxxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Daniel <tech@xxxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: delete matching rule like it can be done in case of iptables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- delete matching rule like it can be done in case of iptables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Meaning of "." (dot) in netfilter
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Meaning of "." (dot) in netfilter
- From: Ross Boylan <rossboylan@xxxxxxxxxxxxxxxxxx>
- AW: Recovery of packet size
- From: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
- Recovery of packet size
- From: Michael Dickensheets <michael.dickensheets@xxxxxxxxx>
- What is the GPRINT output plugin for?
- From: Vladimir Nikishkin <lockywolf@xxxxxxxxx>
- Re: conntrackd syncing specific ct zones
- From: Tobias Urdin <tobias.urdin@xxxxxxxxxx>
- Re: bridge-nf-filter-pppoe-tagged not working as expected
- From: Amish Chana <amish@xxxxxxxx>
- Re: Both { tcp, udp} in meta vmap
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Re: Both { tcp, udp} in meta vmap
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Both { tcp, udp} in meta vmap
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnetfilter_log 1.0.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: bridge-nf-filter-pppoe-tagged not working as expected
- From: Florian Westphal <fw@xxxxxxxxx>
- bridge-nf-filter-pppoe-tagged not working as expected
- From: Amish Chana <amish@xxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nft named set address types
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Issues with SIP NAT for SDP/RTP Addresses
- From: John Marrett <johnf@xxxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: learning to understand iptables
- From: serando <serando@xxxxxxxxxx>
- Re: learning to understand iptables
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- learning to understand iptables
- From: serando <serando@xxxxxxxxxx>
- Re: Improvements to the Home Router Wiki page
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: nft named set address types
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: reporting a bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft named set address types
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- reporting a bug?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Improvements to the Home Router Wiki page
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft named set address types
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- RE: Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Marc <Marc@xxxxxxxxxxxxxxxxx>
- Re: how to mark a prerouting package so it will go through my ip route rule
- From: Jelle de Jong <jelledejong@xxxxxxxxxxxxx>
- how to mark a prerouting package so it will go through my ip route rule
- From: Jelle de Jong <jelledejong@xxxxxxxxxxxxx>
- Improvements to the Home Router Wiki page
- From: Timothy Ham <timothyham@xxxxxxxxxxxxxx>
- Re: Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests
- From: Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>
- Getting systemd-nspawn to work with my ruleset
- From: Kevin P <petrilli.kevin@xxxxxxxxx>
- Re: nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft list empty
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- Re: nft list empty
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- nft list empty
- From: Nathan Wagner <nw@xxxxxxxxxxxxxxx>
- capwap protocol nested header
- Re: Need help
- From: Daniel <tech@xxxxxxxxxx>
- Need help
- From: Brad Knorr <bradley@xxxxxxxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Flowtable hardware offload
- From: iphone4004@xxxxxxxxxxxx
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Fwd: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft numeric output translates tcp flags rule so it cannot be loaded again
- From: Benno <b.ohnsorg@xxxxxxxxxx>
- Re: Deleting rules question
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Deleting rules question
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- packet reassembling and fragmentation
- From: VELARTIS Philipp Dürhammer <p.duerhammer@xxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Netfilter flow schematic: routing decision and output hook question
- From: Andrew Bate <mail@xxxxxxxxxxxxxx>
- Re: Invalidate conntrack using iptables rule
- From: halfdog <me@xxxxxxxxxxx>
- Re: How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: broken page
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- broken page
- From: Paulo Ricardo Bruck <paulobruck1@xxxxxxxxx>
- How to add overlapping CIDR blocks in a set and have a way delete them ?
- From: Shivam Sandbhor <shivam@xxxxxxxxxxxx>
- How to load-balance tcp flows to internal dummy interfaces for parallel traffic capture?
- From: Simon Mullis <simon@xxxxxxxxxxxx>
- RE: netfilter 10,000' overview
- From: "Jeff" <jnewman67@xxxxxxx>
- Re: netfilter 10,000' overview
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: netfilter 10,000' overview
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: testing if a named set exists?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: testing if a named set exists?
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- testing if a named set exists?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- netfilter 10,000' overview
- From: "Jeff" <jnewman67@xxxxxxx>
- Hashlimit without meters in nftables?
- From: Mike Lee <curby@xxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: integers byte order in netlink/NETLINK_NETFILTER messages
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: base chains with same hook, same priority
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft set load metrics
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft set load metrics
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- invalid type
- From: Paulo Ricardo Bruck <paulobruck1@xxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- Re: Fwd: nftables and connection tracking
- From: Daniel <tech@xxxxxxxxxx>
- Fwd: nftables and connection tracking
- From: Marek Greško <mgresko8@xxxxxxxxx>
- Aw: Re: nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Eric Garver <eric@xxxxxxxxxxx>
- nft 0.9.8 - error in mnl.c - with addition hw interfaces
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: conntrackd internal cache growing indefinitely in active-active setup
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH] conntrackd: cache: fix zone entry uniqueness in external cache
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- conntrackd internal cache growing indefinitely in active-active setup
- From: Matt Mercer <matt.mercer@xxxxxxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: integers byte order in netlink/NETLINK_NETFILTER messages
- From: Florian Westphal <fw@xxxxxxxxx>
- integers byte order in netlink/NETLINK_NETFILTER messages
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: list vmap counter errot
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- Re: Error: conflicting intervals specified - Bullseye 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: wiki.nftables.org down?
- Re: base chains with same hook, same priority
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- base chains with same hook, same priority
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- wiki.nftables.org down?
- From: Matt Zagrabelny <mzagrabe@xxxxxxxxx>
- Re: Haproxy's "send-proxy-v2" doesn’t work when conntrack is disabled
- From: Florian Westphal <fw@xxxxxxxxx>
- Haproxy's "send-proxy-v2" doesn’t work when conntrack is disabled
- From: InterNetX - Marc Reymann <marc.reymann@xxxxxxxxxxxxx>
- nft set type list
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Error: conflicting intervals specified - Bullseye 0.9.8
- From: Daniel <tech@xxxxxxxxxx>
- conntrackd syncing specific ct zones
- From: Tobias Urdin <tobias.urdin@xxxxxxxxxx>
- Upgrading from kernel 5.12.19 to 5.13.13 made "ct state invalid" match IPv6 link-local addresses in tunnels
- From: Marcel Menzel <mail@xxxxxx>
- Re: Cannot reference sets in later rules until next nft run
- From: martin f krafft <madduck@xxxxxxxxxxx>
- Re: Cannot reference sets in later rules until next nft run
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Cannot reference sets in later rules until next nft run
- From: martin f krafft <madduck@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Ken-ichirou MATSUZAWA <chamas@xxxxxxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Niko Kortström <niko.kortstrom@xxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Niko Kortström <niko.kortstrom@xxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Fwd: IP daddr filtering not working for non-routable address
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Fwd: IP daddr filtering not working for non-routable address
- From: Niko Kortström <niko.kortstrom@xxxxxxxxx>
- Re: nft tool slow down due to large ipv4 addresses sets
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Invalidate conntrack using iptables rule
- From: halfdog <me@xxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Mathew Heard <mat999@xxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- How to disable network access for certain applications via nftables?
- From: Sheran <specify@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: [ANNOUNCE] nftables 1.0.0 release
- From: Amish <anon.amish@xxxxxxxxx>
- [ANNOUNCE] nftables 1.0.0 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: nftables support for cgroup v2 filtering by path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables support for cgroup v2 filtering by path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: conntrack: confirm existing but do not create new entries
- From: Florian Westphal <fw@xxxxxxxxx>
- conntrack: confirm existing but do not create new entries
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- AW: NAT - how external source port is selected
- From: Thomas Bätzler <t.baetzler@xxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NAT - how external source port is selected
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- NAT - how external source port is selected
- From: Daniel <tech@xxxxxxxxxx>
- nft tool slow down due to large ipv4 addresses sets
- From: Cristian Constantin <const.crist@xxxxxxxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables support for cgroup v2 filtering by path
- From: Mathieu Ruellan <mathieu.ruellan@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] conntrackd: cache: fix zone entry uniqueness in external cache
- From: Adam Casella <ihateprod@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- Re: ulogd packet based logging with CT info
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- ulogd packet based logging with CT info
- From: Blažej Krajňák <blazej.krajnak@xxxxxxxxx>
- nfnetlink_queue -- why linear lookup ?
- From: <alexandre.ferrieux@xxxxxxxxxx>
- Re: nftables - quota isn't working?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables - quota isn't working?
- From: pauloric@xxxxxxxxxxxxxxxx
- nftables - quota isn't working?
- From: pauloric@xxxxxxxxxxxxxxxx
- Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?
- From: Harry <simonsharry@xxxxxxxxx>
- Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?
- From: Harry <simonsharry@xxxxxxxxx>
- Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?
- From: Florian Westphal <fw@xxxxxxxxx>
- Why aren't INPUT and FORWARD chains available to a locally-generated packet?
- From: Harry S <simonsharry@xxxxxxxxx>
- [ANNOUNCE] ipset 7.15 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- which example to use?
- From: Stéphane Charette <stephanecharette@xxxxxxxxx>
- Re: Dropping UDP packets to port 53 containing known domain string?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Dropping UDP packets to port 53 containing known domain string?
- From: Tom <tom@xxxxxxxxxxx>
- Re: [nft] Regarding `tcp flags` (and a potential bug)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] Regarding `tcp flags` (and a potential bug)
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- [ANNOUNCE] ipset 7.14 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] ipset 7.13 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] ipset 7.13 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [ANNOUNCE] ipset 7.13 released
- From: Jan Engelhardt <jengelh@xxxxxxx>
- Re: [nft] Regarding `tcp flags` (and a potential bug)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nft] Regarding `tcp flags` (and a potential bug)
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nft] Regarding `tcp flags` (and a potential bug)
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- [nft] Regarding `tcp flags` (and a potential bug)
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- [ANNOUNCE] ipset 7.13 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: Dropping UDP packets to port 53 containing known domain string?
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Dropping UDP packets to port 53 containing known domain string?
- From: John Covici <covici@xxxxxxxxxxxxxx>
- Dropping UDP packets to port 53 containing known domain string?
- From: Tom <tom@xxxxxxxxxxx>
- Feature request on ip[6]tables-restore-translate
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: OK, IPv4 vs IPv6 is driving me crazy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: OK, IPv4 vs IPv6 is driving me crazy
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: OK, IPv4 vs IPv6 is driving me crazy
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- OK, IPv4 vs IPv6 is driving me crazy
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: manual : CONNTRACK EXPRESSIONS
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: H.225.0 NAT packet mangling module?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
- Re: H.225.0 NAT packet mangling module?
- From: Akshat Kakkar <akshat.1984@xxxxxxxxx>
- Re: nftables element not in set
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables element not in set
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- manual : CONNTRACK EXPRESSIONS
- From: pauloric@xxxxxxxxxxxxxxxx
- Criticism welcome: nftables rp_filtering in and out
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- OK, I give up.
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Handle a packet by netfilter after traversing a veth pair
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Need two routers in tandem to implement BGP38?
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- ip[6]tables implementation of rf_filter
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Handle a packet by netfilter after traversing a veth pair
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Re: Netfilter rules to replicate, consume ingress packet locally and forward clone packet
- From: rakesh goyal <goyal.rakesh@xxxxxxxxx>
- Re: Redirect all traffic or range of ports to an IP
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Netfilter rules to replicate, consume ingress packet locally and forward clone packet
- From: rakesh goyal <goyal.rakesh@xxxxxxxxx>
- Re: Redirect all traffic or range of ports to an IP
- From: Daniel <tech@xxxxxxxxxx>
- Redirect all traffic or range of ports to an IP
- From: Daniel <tech@xxxxxxxxxx>
- Re: libnetfilter_queue: Access conntrack info
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- Re: Reload IPtables
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Strange behavior of the ctdir option
- From: CoD DoC <coddoc37@xxxxxxxxx>
- Re: libnetfilter_queue: Access conntrack info
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: libnetfilter_queue: Access conntrack info
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: libnetfilter_queue: Access conntrack info
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: libnetfilter_queue: Access conntrack info
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- Re: libnetfilter_queue: Access conntrack info
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Reload IPtables
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Re: IP Addresses Changed to Hostnames in IPTables
- Re: IP Addresses Changed to Hostnames in IPTables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: IP Addresses Changed to Hostnames in IPTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: IP Addresses Changed to Hostnames in IPTables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: IP Addresses Changed to Hostnames in IPTables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- IP Addresses Changed to Hostnames in IPTables
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Alessandro Vesely <vesely@xxxxxxx>
- libnetfilter_queue: Access conntrack info
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Reload IPtables
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- Re: Reload IPtables
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Reload IPtables
- From: Kerin Millar <kfm@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: Reload IPtables
- Re: Reload IPtables
- From: David Hajes <david@xxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: David Hajes <david@xxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: David Hajes <david@xxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Reload IPtables
- Re: Reload IPtables
- Re: Reload IPtables
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Reload IPtables
- Re: Reload IPtables
- From: David Hajes <david@xxxxxxxxx>
- Reload IPtables
- Problem when routing UDP port 53
- From: Pierre Couderc <pierre@xxxxxxxxxx>
- Thanks
- Re: Rules
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: Legacy?
- From: Florian Westphal <fw@xxxxxxxxx>
- Legacy?
- Rules
- How to rewrite dest.IP of UDP packets, cloned by TEE target?
- From: Thomas Conrath <conrath@xxxxxxxxx>
- Question regarding licensing terms and compliance
- From: 洪湘晴 <susan60628@xxxxxxxxx>
- Re: Fail-closed option? (Make all policies "drop" by default for newly created namespaces)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables CONFIG_NFT_OBJREF "ct helper set"
- From: Stefan Hartmann <stefanh@xxxxxxxxxxxx>
- #netfilter IRC channel now on libera.chat
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- [ANNOUNCE] nftables 0.9.9 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.2.0 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: libnetfilter_conntrack: ABI breakage error
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- Re: libnetfilter_conntrack: ABI breakage error
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: libnetfilter_conntrack: ABI breakage error
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- Re: libnetfilter_conntrack: ABI breakage error
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- libnetfilter_conntrack: ABI breakage error
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- Re: Possible to load balance (nftlb) mostly NFS traffic with important connections?
- From: Laura García Liébana <nevola@xxxxxxxxx>
- Re: Fail-closed option? (Make all policies "drop" by default for newly created namespaces)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Possible to load balance (nftlb) mostly NFS traffic with important connections?
- From: Carsten Aulbert <carsten.aulbert@xxxxxxxxxx>
- Re: Commas or Spaces?
- From: "" <kfm@xxxxxxxxxxxxx>
- Commas or Spaces?
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Paul Robert Marino <prmarino1@xxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Paul Robert Marino <prmarino1@xxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>
- Re: Running an active/active firewall/router (xt_cluster?)
- From: Paul Robert Marino <prmarino1@xxxxxxxxx>
- Aw: Re: Re: Re: Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Re: Re: Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Aw: Re: Re: Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Running an active/active firewall/router (xt_cluster?)
- From: Oliver Freyermuth <freyermuth@xxxxxxxxxxxxxxxxxx>
- Forcing SNAT to preserve the original source port
- From: Carsten <abcdmail@xxxxxxxxxx>
- Re: wiki.nftables.org down
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: wiki.nftables.org down
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: wiki.nftables.org down
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Re: Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- wiki.nftables.org down
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Aw: Re: Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Commas or Spaces?
- nf does not DNAT, but also does not not-NAT
- From: Przemysław Kowalczyk <pkowalczyk@xxxxxxxxxxxx>
- Aw: Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Re: Re: Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Aw: Re: Re: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Re: Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd inverted NAT address, endianness issue?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Aw: Re: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Aw: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: nftables auto-merge on combined sets
- From: Stefano Brivio <sbrivio@xxxxxxxxxx>
- Aw: Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: nftables equivalent for iptable rules.
- From: R C <cjvijf@xxxxxxxxx>
- Re: nftables equivalent for iptable rules.
- From: Eric Garver <eric@xxxxxxxxxxx>
- Re: Why is it impossible to DNAT 127.0.0.0/8?
- From: Paul Robert Marino <prmarino1@xxxxxxxxx>
- nftables equivalent for iptable rules.
- From: R C <cjvijf@xxxxxxxxx>
- Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Why is it impossible to DNAT 127.0.0.0/8?
- From: "Quentin, Lars" <lars.quentin@xxxxxxxxxxxxxxxxxxxxxx>
- Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Flowtable with ppp/bridge
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Flowtable with ppp/bridge
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- nftables auto-merge on combined sets
- From: Frömmel, Christian <christian.froemmel@xxxxxxxxxx>
- Re: conntrackd inverted NAT address, endianness issue?
- From: Tao Gong <gongtao0607@xxxxxxxxx>
- Re: nftables support for cgroup v2 filtering by path
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: device list reversed
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: device list reversed
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: conntrackd inverted NAT address, endianness issue?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables port forward on DHCP interface to static IP
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables port forward on DHCP interface to static IP
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables port forward on DHCP interface to static IP
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- conntrackd inverted NAT address, endianness issue?
- From: Tao Gong <gongtao0607@xxxxxxxxx>
- Re: nftables port forward on DHCP interface to static IP
- From: Pekka Järvinen <pekka.jarvinen@xxxxxxxxx>
- nftables support for cgroup v2 filtering by path
- From: Yves Perrenoud <yves-netfilter@xxxxxxxxx>
- Re: nftables port forward on DHCP interface to static IP
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- nftables port forward on DHCP interface to static IP
- From: Pekka Järvinen <pekka.jarvinen@xxxxxxxxx>
- Fail-closed option? (Make all policies "drop" by default for newly created namespaces)
- From: mose@xxxxxxxxxxxxxx
- ebtables rules for specific bridge
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- device list reversed
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- [PATCH nft] evaluate: check if nat statement map specifies a transport header expr
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: List and reimport Ruleset fails with "Error: transport protocol mapping is only valid after transport protocol match"
- From: Florian Westphal <fw@xxxxxxxxx>
- List and reimport Ruleset fails with "Error: transport protocol mapping is only valid after transport protocol match"
- From: Henning Reich <henning.reich@xxxxxxxxx>
- Re: nftables "stateful object" nomenclature
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables "stateful object" nomenclature
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables "stateful object" nomenclature
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nft show counter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nft show counter
- From: Anton Rieger <rieger@xxxxxxxxx>
- Re: nft show counter
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: nft show counter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Aw: Re: Re: nft show counter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Aw: Re: Re: nft show counter
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Re: nft show counter
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft show counter
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Re: nft show counter
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Re: nft show counter
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: nft show counter
- From: Anton Rieger <rieger@xxxxxxxxx>
- Aw: Re: nft show counter
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- SNAT/Masquerade not modifying the Source IP randomly
- From: Pavan Amancherla <pavan.ramanaiah@xxxxxxxxx>
- Re: nft show counter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nft show counter
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft show counter
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- nft show counter
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: bridge-nf-call-iptables: checking bridge vs. IP context?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: bridge-nf-call-iptables: checking bridge vs. IP context?
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
- Re: bridge-nf-call-iptables: checking bridge vs. IP context?
- From: Florian Westphal <fw@xxxxxxxxx>
- bridge-nf-call-iptables: checking bridge vs. IP context?
- From: Linus Lüssing <linus.luessing@xxxxxxxxx>
- RE: Creating named set
- From: <paul.guijt@xxxxxxxxx>
- Re: Creating named set
- From: Florian Westphal <fw@xxxxxxxxx>
- Creating named set
- From: <paul.guijt@xxxxxxxxx>
- Aw: hw flow offload - nft crosscompile
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Script to manage a simple DynDNS whitelist based firewall using nftables
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Aw: hw flow offload - nft crosscompile
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- hw flow offload - nft crosscompile
- From: Frank Wunderlich <frank-w@xxxxxxxxxxxxxxx>
- Re: Traffic drops when using flow offload for nftables based NAT
- From: tech <tech@xxxxxxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Startup script for ssdp helper app
- From: Budge <ajebay@xxxxxxxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: nfqueue ethernet packet frame capture
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: nfqueue ethernet packet frame capture
- From: ilker <ilkery@xxxxxxxxx>
- Re: nfqueue ethernet packet frame capture
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nfqueue ethernet packet frame capture
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nfqueue ethernet packet frame capture
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nfqueue ethernet packet frame capture
- From: ilker <ilkery@xxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Traffic drops when using flow offload for nftables based NAT
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: How to concatenate subnet with port in a set?
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: How to concatenate subnet with port in a set?
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- How to troubleshoot (suspected) flowtable lockups/packet drops?
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- How to concatenate subnet with port in a set?
- From: "etkaar" <lists.netfilter.org@xxxxxxx>
- Re: wiki.nftables.org Certificate expired
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- wiki.nftables.org Certificate expired
- From: Philipp Rintz <philipp.rintz@xxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Traffic drops when using flow offload for nftables based NAT
- From: tech <tech@xxxxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Stefan Hartmann <stefanh@xxxxxxxxxxxx>
- Re: [HEADS UP] bugzilla.netfilter.org is under maintainance
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [HEADS UP] bugzilla.netfilter.org is under maintainance
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [HEADS UP] bugzilla.netfilter.org is under maintainance
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: when will nftables have ability to delete matching rule like iptables?
- From: Amish V <anon.amish@xxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Florian Westphal <fw@xxxxxxxxx>
- IP MASQUERADE isn't working properly
- From: Ameen Al-Azzawi <ameen.azzawi@xxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Stefan Hartmann <stefanh@xxxxxxxxxxxx>
- Re: when will nftables have ability to delete matching rule like iptables?
- From: "" <kfm@xxxxxxxxxxxxx>
- when will nftables have ability to delete matching rule like iptables?
- From: Amish <anon.amish@xxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Stefan Hartmann <stefanh@xxxxxxxxxxxx>
- Re: nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...
- From: Stefan Hartmann <stefanh@xxxxxxxxxxxx>
- nft_set_type
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Matching l3mdev output interface in snat
- From: Daniele Orlandi <daniele@xxxxxxxxxxx>
- Matching l3mdev output interface in snat
- From: Daniele Orlandi <daniele@xxxxxxxxxxx>
- iptables masquerade source ip selection issue
- From: Derrick Lim <derrickltl@xxxxxxxxx>
- Re: 'Did not kill' written out when redirecting 'nft list ruleset' in 0.9.8
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- 'Did not kill' written out when redirecting 'nft list ruleset' in 0.9.8
- From: Martin Gignac <martin.gignac@xxxxxxxxx>
- Re: libnetfilter_queue : Parsing payload
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- [ANNOUNCE] ipset 7.11 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxx>
- libnetfilter_queue : Parsing payload
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- libnetfilter_queue example
- From: Psyspy 22 <psyspy2020@xxxxxxxxx>
- iptables-nft: masquerade choosing wrong source ip on lo
- From: Etienne Champetier <champetier.etienne@xxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Phil Sutter <phil@xxxxxx>
- Re: Wildcards / large ranges in concatenations
- From: Florian Westphal <fw@xxxxxxxxx>
- Wildcards / large ranges in concatenations
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Initial loading of ruleset slower than subsequent tries
- From: Martin Bochenek <bochi2006@xxxxxxxxx>
- Re: traffic shaping with tc on Linux 5.4.x
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- traffic shaping with tc on Linux 5.4.x
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Phil Sutter <phil@xxxxxx>
- Re: Unable to create a chain called "trace"
- From: Balazs Scheidler <bazsi77@xxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Phil Sutter <phil@xxxxxx>
- Re: Unable to create a chain called "trace"
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Incoming Connections with IPv6 NETMAP for Multiple ISPs Only Work for 1 ISP at a time.
- From: Adam Goldberg <adam@xxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Phil Sutter <phil@xxxxxx>
- Re: Unable to create a chain called "trace"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Phil Sutter <phil@xxxxxx>
- Re: Unable to create a chain called "trace"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Phil Sutter <phil@xxxxxx>
- Re: Constraints on nft expressions and statements in inet ingress chains
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Phil Sutter <phil@xxxxxx>
- Re: Constraints on nft expressions and statements in inet ingress chains
- From: Florian Westphal <fw@xxxxxxxxx>
- Constraints on nft expressions and statements in inet ingress chains
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Unable to create a chain called "trace"
- From: Florian Westphal <fw@xxxxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]
