Linux TCP/IP Netfilter
[Prev Page][Next Page]
- [nftables 0.9.2 | kernel 4.19.93] dropping ct state untracked stops ipv6 connectivity
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: nft ingress won't work on wireless ?
- From: sean darcy <seandarcy2@xxxxxxxxx>
- Re: Waiting until first release of NFTABLES
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Waiting until first release of NFTABLES
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: use libiptc to build a rule to allow tftp traffic
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: use libiptc to build a rule to allow tftp traffic
- From: Moyuan Chen <moyuan.chen@xxxxxxxxx>
- Re: Restoring rulesets containing dynamic sets with counters
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Restoring rulesets containing dynamic sets with counters
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Restoring rulesets containing dynamic sets with counters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Restoring rulesets containing dynamic sets with counters
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft ingress won't work on wireless ?
- From: sean darcy <seandarcy2@xxxxxxxxx>
- Restoring rulesets containing dynamic sets with counters
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- nftables wiki
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nft ingress won't work on wireless ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables equivalent of "ipset test"?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: nftables equivalent of "ipset test"?
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables equivalent of "ipset test"?
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables equivalent of "ipset test"?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables equivalent of "ipset test"?
- From: "" <kfm@xxxxxxxxxxxxx>
- nftables equivalent of "ipset test"?
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: Found extra tables in nft ruleset
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: nft ingress won't work on wireless ?
- From: sean darcy <seandarcy2@xxxxxxxxx>
- nft ingress won't work on wireless ?
- From: sean darcy <seandarcy2@xxxxxxxxx>
- Re: Demystifying sets
- From: jon_netfilter@xxxxxxxxxxxxxxxxx
- Re: use numgen to create address in rule
- From: Dennett Ingram <d@xxxxxxxxxx>
- Re: use numgen to create address in rule
- From: Laura Garcia <nevola@xxxxxxxxx>
- Set timeout, gc-interval and size parameters
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- use numgen to create address in rule
- From: Dennett Ingram <d@xxxxxxxxxx>
- Re: Found extra tables in nft ruleset
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: Found extra tables in nft ruleset
- From: Florian Westphal <fw@xxxxxxxxx>
- Found extra tables in nft ruleset
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: Why inet table doesn't support nat prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Why inet table doesn't support nat prerouting chain?
- From: Florian Westphal <fw@xxxxxxxxx>
- Why inet table doesn't support nat prerouting chain?
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Re: Is it possible to get a transparent proxy with Redsocks when using the new nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is it possible to get a transparent proxy with Redsocks when using the new nftables?
- From: Verachten Bruno <gounthar@xxxxxxxxx>
- LXD Container can't access trough host address
- From: Franz Schneider <Franz.Schneider@xxxxxxxxxxxxx>
- Re: Is it possible to get a transparent proxy with Redsocks when using the new nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
- Is it possible to get a transparent proxy with Redsocks when using the new nftables?
- From: Verachten Bruno <gounthar@xxxxxxxxx>
- Re: nftables offload doesn't seem to work
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Demystifying sets
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: nftables offload doesn't seem to work
- From: Patrick McLean <chutzpah@xxxxxxxxxx>
- nftables offload doesn't seem to work
- From: Patrick McLean <chutzpah@xxxxxxxxxx>
- Demystifying sets
- From: jon_netfilter@xxxxxxxxxxxxxxxxx
- wiki acess
- From: pauloric@xxxxxxxxxxxxxxxx
- Re: loadbalance with 2 or more links
- From: Laura Garcia <nevola@xxxxxxxxx>
- loadbalance with 2 or more links
- From: pauloric@xxxxxxxxxxxxxxxx
- Re: Waiting until first release of NFTABLES
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Waiting until first release of NFTABLES
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Waiting until first release of NFTABLES
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Waiting until first release of NFTABLES
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Waiting until first release of NFTABLES
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Waiting until first release of NFTABLES
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Waiting until first release of NFTABLES
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- [ANNOUNCE] ipset 7.6 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Typo in the 'Mangle TCP options' wiki pages
- From: Pieter van Leuven <pieter@xxxxxxxxxxxxx>
- Waiting until first release of NFTABLES
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
- Re: Automatically maintaining unique list of addresses
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: Automatically maintaining unique list of addresses
- From: pauloric@xxxxxxxxxxxxxxxx
- Automatically maintaining unique list of addresses
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
- Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables "native interface" for IPv6 NPT?
- From: Haochen Tong <i@xxxxxxxxxxxx>
- Re: Difficulties with ulog / NFCT
- From: Alessandro Vesely <vesely@xxxxxxx>
- NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
- Re: Difficulties with ulog / NFCT
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Re: Difficulties with ulog / NFCT
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Difficulties with ulog / NFCT
- From: Alessandro Vesely <vesely@xxxxxxx>
- Resetting SKB CT
- From: Mathew Heard <me@xxxxxxxxxx>
- Problems with CONNTRACK --restore-mark
- From: Bernd Jerzyna <bjerzyna@xxxxxxxxx>
- Difficulties with ulog / NFCT
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: nfnetlink: This library is not meant as a public API for application developers.
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
- Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- nfnetlink: This library is not meant as a public API for application developers.
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: manipulating the ttl
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: Youseok Yang <ileixe@xxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: Youseok Yang <ileixe@xxxxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: "" <kfm@xxxxxxxxxxxxx>
- [nftables 0.9.2] does jump require a kconf to be set to get it working?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: 양유석 <ileixe@xxxxxxxxx>
- iptables MASQUERADE considering route source hints
- From: Max Stritzinger <max@xxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: 양유석 <ileixe@xxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: 양유석 <ileixe@xxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
- Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: 양유석 <ileixe@xxxxxxxxx>
- Does anybody experience kernel crush when 'ebtable -t nat -L'
- From: 양유석 <ileixe@xxxxxxxxx>
- Re: Compiling nftables with stack-protector-strong fails checksec's canary check
- From: Glen Huang <heyhgl@xxxxxxxxx>
- Compiling nftables with stack-protector-strong fails checksec's canary check
- From: Glen Huang <heyhgl@xxxxxxxxx>
- [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- nftables "native interface" for IPv6 NPT?
- From: Haochen Tong <i@xxxxxxxxxxxx>
- Netfilter state synchronisation in IPv6 only networks?
- From: Nico Schottelius <nico.schottelius@xxxxxxxxxxx>
- Re: Metering is not working with dynamic sets on nft v0.9.2
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Metering is not working with dynamic sets on nft v0.9.2
- From: darius <dram@xxxxxxxxxxx>
- Re: [firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- [firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: Redirect bridged traffic
- From: Jaga Doe <jaga.doe@xxxxxxx>
- Re: Metering is not working with dynamic sets on nft v0.9.2
- From: Darius <dram@xxxxxxxxxxx>
- Re: Metering is not working with dynamic sets on nft v0.9.2
- From: Darius <dram@xxxxxxxxxxx>
- Re: Metering is not working with dynamic sets on nft v0.9.2
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Metering is not working with dynamic sets on nft v0.9.2
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Metering is not working with dynamic sets on nft v0.9.2
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Metering is not working with dynamic sets on nft v0.9.2
- From: darius <dram@xxxxxxxxxxx>
- [nftables] inherent benefits from XDP?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Redirect bridged traffic
- From: Jaga Doe <jaga.doe@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables] xtables-addons - GeoIP/ASN filter and lscan replicable?
- From: pauloric@xxxxxxxxxxxxxxxx
- Re: Redirect bridged traffic
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Redirect bridged traffic
- From: Jaga Doe <jaga.doe@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
- From: "" <kfm@xxxxxxxxxxxxx>
- [nftables] xtables-addons - GeoIP/ASN filter and lscan replicable?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: Redirect bridged traffic
- From: Florian Westphal <fw@xxxxxxxxx>
- Redirect bridged traffic
- From: Jaga Doe <jaga.doe@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: Florian Westphal <fw@xxxxxxxxx>
- [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: BNF for nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables routing decision
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
- From: Florian Westphal <fw@xxxxxxxxx>
- [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [MAINTENANCE] migrating git.netfilter.org
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [MAINTENANCE] migrating git.netfilter.org
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [MAINTENANCE] migrating git.netfilter.org
- From: José M. Guisado <guigom@xxxxxxxxxx>
- nftables simple configuration
- From: Jaga Doe <jaga.doe@xxxxxxx>
- nftables routing decision
- From: Иванов Роман <krey@xxxxxxxxxx>
- Re: Lint for nftables
- From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: "" <kfm@xxxxxxxxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: "" <kfm@xxxxxxxxxxxxx>
- [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Is it possible to differentiate a nmap port scan from a syn flood attack?
- From: Miriam Rico <miriam.rico@xxxxxxxxxxxx>
- Re: Lint for nftables
- From: Florian Westphal <fw@xxxxxxxxx>
- Lint for nftables
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- BNF for nftables?
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: [nftables v0.9.2] hoplimit mutually exclusive with with saddr/daddr?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- [nftables v0.9.2] hoplimit mutually exclusive with with saddr/daddr?
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: nft -f fails to merge some chains in same table but defined in separate blocks
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- nft -f fails to merge some chains in same table but defined in separate blocks
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- [MAINTENANCE] migrating git.netfilter.org
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables atomic updates
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Re: nftables atomic updates
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- nftables atomic updates
- From: Frank Myhr <fmyhr@xxxxxxxxxxx>
- Multiples Chain with same hook - Default-Behavior?
- From: Thomas Luening <toml@xxxxxxx>
- Re: nft icmp type all?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft icmp type all?
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
- Re: nft icmp type all?
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
- Re: Bulk loading of IP addresses or subnets in nftables?
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: nft multiple port exception
- From: "" <kfm@xxxxxxxxxxxxx>
- nft multiple port exception
- From: "david@xxxxxxxxx" <david@xxxxxxxxx>
- Re: Bulk loading of IP addresses or subnets in nftables?
- From: "" <kfm@xxxxxxxxxxxxx>
- Bulk loading of IP addresses or subnets in nftables?
- From: Lars Noodén <lars.nooden@xxxxxxx>
- Re: nft icmp type all?
- From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
- Re: nftables: Allow NAT Access with Timeout
- From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
- Re: manipulating the ttl
- From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
- manipulating the ttl
- From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
- Re: TCP 4 way handshake or TCP Split Handshake Attack
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft icmp type all?
- From: "" <kfm@xxxxxxxxxxxxx>
- nft icmp type all?
- From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
- Re: TCP 4 way handshake or TCP Split Handshake Attack
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Re: TCP 4 way handshake or TCP Split Handshake Attack
- From: Florian Westphal <fw@xxxxxxxxx>
- TCP 4 way handshake or TCP Split Handshake Attack
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Policy routing Docker host not forwarding return traffic if marked
- From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
- AW: nftables equivalent for iptables -m recent
- From: "Sig Pam" <spam@xxxxxxxxx>
- Re: nftables: Allow NAT Access with Timeout
- From: "" <kfm@xxxxxxxxxxxxx>
- nftables: Allow NAT Access with Timeout
- From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
- Re: nftables equivalent for iptables -m recent
- From: "" <kfm@xxxxxxxxxxxxx>
- nftables equivalent for iptables -m recent
- From: "Sig Pam" <spam@xxxxxxxxx>
- Re: nftables static routing fails
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables static routing fails
- From: david NEW <david@xxxxxxxxx>
- Re: nftables static routing fails
- From: Daniel <tech@xxxxxxxxxx>
- Re: nftables static routing fails
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables static routing fails
- From: david NEW <david@xxxxxxxxx>
- [ANNOUNCE] ipset 7.5 released
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: nft script file, using include with wildcards
- From: Florian Westphal <fw@xxxxxxxxx>
- nft script file, using include with wildcards
- From: Alberto Spin <a.spin@xxxxxxxxxxx>
- Re: Assertion error when using map
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Assertion error when using map
- From: Changli Gao <xiaosuo@xxxxxxxxx>
- Re: Assertion error when using map
- From: Florian Westphal <fw@xxxxxxxxx>
- IPv6 parsing issues in conntrackd?
- From: Nico Schottelius <nico.schottelius@xxxxxxxxxxx>
- nftables with secmark and ipsec
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
- Assertion error when using map
- From: Changli Gao <xiaosuo@xxxxxxxxx>
- Re: [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
- From: "" <kfm@xxxxxxxxxxxxx>
- [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: RFC -- IPTABLES vs NFTABLES vs BPFILTER
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- RFC -- IPTABLES vs NFTABLES vs BPFILTER
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Thomas Korimort <tomkori@xxxxxxx>
- Weird/High CPU usage caused by LOG target
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- geoip not working as expected
- From: Felix <felix@xxxxxxxx>
- Re: trying to duplicate udp packets destined for port 67 to port 6767 on same host
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- trying to duplicate udp packets destined for port 67 to port 6767 on same host
- From: Mike <mike@xxxxxxxxxx>
- xt_cluster for IPv6
- From: Valentin Vidić <vvidic@xxxxxxxxxxxxxxxxxxxxxx>
- How to forward marked packets with same local IP?
- From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
- [PATCH] nftables: Bump dependency on libnftnl to 1.1.5
- From: Jan-Philipp Litza <jpl@xxxxxxxxx>
- Re: [ANNOUNCE] nftables 0.9.3 release
- From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
- Re: nftables: No prefixes in anonymous sets?
- From: Jan-Philipp Litza <jpl+direct@xxxxxxxxx>
- Re: [ANNOUNCE] ebtables 2.0.11 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] nftables 0.9.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: No prefixes in anonymous sets?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [ANNOUNCE] ebtables 2.0.11 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [ANNOUNCE] iptables 1.8.4 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- [ANNOUNCE] ebtables 2.0.11 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] arptables 0.0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.1.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables: No prefixes in anonymous sets?
- From: Jan-Philipp Litza <jpl+direct@xxxxxxxxx>
- Re: WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
- From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
- Re: WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
- From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
- WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
- From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
- Re: Mysql has problem with synproxy
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Doubts about netfilter + nftables and module
- From: Elias Valea Peri <eliasvp@xxxxxxxxx>
- Re: Doubts about netfilter + nftables and module
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: One more application available for nftables
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: One more application available for nftables
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Doubts about netfilter + nftables and module
- From: Elias Valea Peri <eliasvp@xxxxxxxxx>
- How to prevent SNAT rules from being applied to 'ICMP time exceeded' responses?
- From: Gordon Fish <gordfisherman@xxxxxxxxx>
- Re: One more application available for nftables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Mysql has problem with synproxy
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: One more application available for nftables
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Upgrading libnetfilter_queue to use nftables
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- One more application available for nftables
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Upgrading libnetfilter_queue to use nftables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Upgrading libnetfilter_queue to use nftables
- From: Florian Westphal <fw@xxxxxxxxx>
- ipset bitmap:port question
- From: A L <mail@xxxxxxxxxxxxxx>
- Upgrading libnetfilter_queue to use nftables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: Pierluigi Frullani Sinergy <p.frullani@xxxxxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: Pigi <pigi@xxxxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Trouble getting SYNPROXY to work.
- From: Pigi <pigi@xxxxxxxxx>
- Re: ebtables dnat rule gets system frozen
- From: Florian Westphal <fw@xxxxxxxxx>
- ebtables dnat rule gets system frozen
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- Length module, docs "incorrect" or something else?
- From: Andreas Sikkema <ramdyne@xxxxxxx>
- [ANNOUNCE] ipset 7.4 released
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: IPv6 nft vs ip6tables - Local incompatibility ?
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Distinguish local from routed traffic
- From: Robert Dahlem <Robert.Dahlem@xxxxxxx>
- Re: IPv6 nft vs ip6tables - Local incompatibility ?
- From: Florian Westphal <fw@xxxxxxxxx>
- IPv6 nft vs ip6tables - Local incompatibility ?
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Re: Named sets with timeout
- From: Laura Garcia <nevola@xxxxxxxxx>
- Re: Named sets with timeout
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Named sets with timeout
- From: Laura Garcia <nevola@xxxxxxxxx>
- Re: Named sets with timeout
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Named sets with timeout
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Named sets with timeout
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Been having mail server issues so been unable to reply properly
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: nftables v0.9.0 netlink: Error: set is not a map
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- How to implement transparent proxy in bridge through nftables
- From: Ttttabcd <ttttabcd@xxxxxxxxxxxxxx>
- Re: nftables v0.9.0 netlink: Error: set is not a map
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Snapped nftables
- From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
- nftables v0.9.0 netlink: Error: set is not a map
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- CFS for Netdev 0x14 open!
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
- Status of BPFilter?
- From: A L <mail@xxxxxxxxxxxxxx>
- Counting over a bridge
- From: Cristian Morales Vega <christian.morales.vega@xxxxxxxxx>
- Re: flowtable breaks masquerade for dnat flows
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft and defined variables
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Re: nft and defined variables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- flowtable breaks masquerade for dnat flows
- From: "Jonathan Rudenberg" <jonathan@xxxxxxxxxxxx>
- Re: nft - execute command without returning error
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- syn-flag-check from outside not working
- From: Thomas Luening <toml@xxxxxxx>
- nft - execute command without returning error
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- nft and defined variables
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Re: nft tproxy without iproute2 rule
- From: Norman Rasmussen <norman@xxxxxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- nft -- documentation on fib_addrtype missing, more data
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- nft -- documentation on fib_addrtype missing
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: nft tproxy without iproute2 rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft: auto-merge set doesn't merge overlapping intervals
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft tproxy without iproute2 rule
- From: Norman Rasmussen <norman@xxxxxxxxxxxxxxx>
- TEE target and gateway as MAC address
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: sean darcy <seandarcy2@xxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Anton Rieger <rieger@xxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- minor change recommendation for https://wiki.nftables.org
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Cannot add ip6 elements to a named set
- From: Florian Westphal <fw@xxxxxxxxx>
- Cannot add ip6 elements to a named set
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- nft: auto-merge set doesn't merge overlapping intervals
- From: Richard Stanway <r1ch@xxxxxxxxxxxxxx>
- How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- iptables TEE target and system slowdown
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
- Re: nft set elements: Comment not available for elements?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- NAT statements in nft command documentation are misleading
- From: Ted Roo <reject5514@xxxxxxxxx>
- Re: Intermix ip,ip6 saddr
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: Intermix ip,ip6 saddr
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: [PATCH] ipset: Add wildcard support to net,iface
- From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
- Re: [PATCH] ipset: Add wildcard support to net,iface
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] ipset: Add wildcard support to net,iface
- From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
- Re: How is nftables + IFB
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: How is nftables + IFB
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Intermix ip,ip6 saddr
- From: Anton Rieger <rieger@xxxxxxxxx>
- Re: queue bypass not working?
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Regarding flowtables and conntrack
- From: Otto Reinikainen <ottorei@xxxxxxxxxxxxxx>
- queue bypass not working?
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- nft set elements: Comment not available for elements?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- Re: How is nftables + IFB
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- How is nftables + IFB
- From: John Mok <a9121431@xxxxxxxxx>
- sip helper work with tcp?
- From: "Brian J. Murrell" <brian@xxxxxxxxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Determine cgroup ID for nftables
- From: Pavel Volkov <sailor@xxxxxxxxxxxxxxxxxx>
- Re: Info on the "ct" selector
- From: Florian Westphal <fw@xxxxxxxxx>
- Registration in bugtracker not working
- From: Антон Блудов <anthony.bloodoff@xxxxxxxxx>
- Re: Determine cgroup ID for nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Info on the "ct" selector
- From: Thomas <tad1073@xxxxxxxxx>
- Determine cgroup ID for nftables
- From: Pavel Volkov <sailor@xxxxxxxxxxxxxxxxxx>
- server behind a nftables NAT
- From: Luke Whittlesey <luke.whittlesey@xxxxxxxxx>
- Re: Loading nft
- From: Jan Hauge <jha@xxxxxxx>
- Loading nft
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: ipt to nft
- From: Eric Garver <eric@xxxxxxxxxxx>
- Clarification on dynamic nft sets
- From: Damien Robert <damien.olivier.robert@xxxxxxxxx>
- ipt to nft
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
- From: Thomas Luening <toml@xxxxxxx>
- Re: nft ruleset help
- From: Thomas Luening <toml@xxxxxxx>
- Re: nft ruleset help
- From: Thomas <tad1073@xxxxxxxxx>
- nft ruleset help
- From: Thomas <tad1073@xxxxxxxxx>
- Re: HA firewall providing "masquerade": SNAT the only way to go?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: Whither masquerading RANDOM_FULLY?
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: Whither masquerading RANDOM_FULLY?
- From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
- Re: Whither masquerading RANDOM_FULLY?
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: Whither masquerading RANDOM_FULLY?
- From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
- Re: Whither masquerading RANDOM_FULLY?
- From: Florian Westphal <fw@xxxxxxxxx>
- Whither masquerading RANDOM_FULLY?
- From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
- Re: nftables Won't Restore with Timeout/Expire
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables Won't Restore with Timeout/Expire
- From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: "Tom.L" <toml@xxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Why MASQUERADE --to-ports ?
- From: "toml@xxxxxxx" <toml@xxxxxxx>
- Re: HA firewall providing "masquerade": SNAT the only way to go?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- Re: HA firewall providing "masquerade": SNAT the only way to go?
- From: Laura Garcia <nevola@xxxxxxxxx>
- HA firewall providing "masquerade": SNAT the only way to go?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- Re: Lightweight ipset API?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Lightweight ipset API?
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- IPTV
- From: Info <info@xxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Laura Garcia <nevola@xxxxxxxxx>
- eBPF for firewalls?
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Lightweight ipset API?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- [ANNOUNCE] nftables 0.9.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.1.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Fail2ban integration
- From: Nevo <nevo@xxxxxxxxx>
- Fail2ban integration
- From: Kim Lee <kim_lee@xxxxxxxxxx>
- Re: Filtering specific bytes from packet layer 7 payload
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Re: Filtering specific bytes from packet layer 7 payload
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Filtering specific bytes from packet layer 7 payload
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Re: issue with conntrackd wrt handling dead connections
- From: Michael Schnyder <mschnyder@xxxxxxxxxxxxxxxx>
- Filtering specific bytes from packet layer 7 payload
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Re: issue with conntrackd wrt handling dead connections
- From: Florian Westphal <fw@xxxxxxxxx>
- issue with conntrackd wrt handling dead connections
- From: Michael Schnyder <mschnyder@xxxxxxxxxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: nftables Won't Restore with Timeout/Expire
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables Won't Restore with Timeout/Expire
- From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Laura Garcia <nevola@xxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Laura Garcia <nevola@xxxxxxxxx>
- meter in 0.9.1 (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- conntrack vs. ICMPv6 policy (RFC 4890)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- [PATCH v1 1/1] Simplify unpacking start/end tuples from database
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- Re: nftables: one rule to rule them all?
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: nftables: one rule to rule them all?
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: nftables: one rule to rule them all?
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables: one rule to rule them all?
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: connlimit unexplained behaviour with local connections
- From: Nik <nik_cro@xxxxxxxxxxxxxx>
- Re: connlimit unexplained behaviour with local connections
- From: Florian Westphal <fw@xxxxxxxxx>
- connlimit unexplained behaviour with local connections
- From: Nik <nik_cro@xxxxxxxxxxxxxx>
- Re: "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- Re: "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- [ANNOUNCE] ipset 7.3 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: Backwards compatibility with iptables etc.
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Portknocking example wiki.nftables.org
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: one chain, two hooks (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: iiftype loopback vs. iif lo (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ct state vmap (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- one chain, two hooks (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: ct state vmap (nft noob question)
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- Re: chain comments
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- ct state vmap (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- iiftype loopback vs. iif lo (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Backwards compatibility with iptables etc.
- From: Hans Malissa <hmalissa76@xxxxxxxxx>
- Portknocking example wiki.nftables.org
- From: Matthias Maier <tamiko@xxxxxxxx>
- Re: nftables.service ".d" support
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nftables.service ".d" support
- From: Amish <anon.amish@xxxxxxxxx>
- Re: chain comments
- From: Florian Westphal <fw@xxxxxxxxx>
- chain comments
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- nftables.service ".d" support
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- nft create chain in version 0.9.1?
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- [ANNOUNCE] New Netfilter core team member: Phil Sutter
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: 100% CPU utilization when running iptables (nft interface) as non-root user
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Nftables replacement for -j CT --notrack
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: Nftables replacement for -j CT --notrack
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- Re: Nftables replacement for -j CT --notrack
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Nftables replacement for -j CT --notrack
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- Traffic shaping and accounting using nftables (ISP scenario)
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- NFT ratelimit with arbitrary timeframe
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: 100% CPU utilization when running iptables (nft interface) as non-root user
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- 100% CPU utilization when running iptables (nft interface) as non-root user
- From: Amish <anon.amish@xxxxxxxxx>
- Re: NAT rules failing with kernel 5.2
- From: Amish <anon.amish@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: NAT rules failing with kernel 5.2
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Florian Westphal <fw@xxxxxxxxx>
- NAT rules failing with kernel 5.2
- From: Amish <anon.amish@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: transparent proxy question
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: transparent proxy question
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: nftables controlling IPv6 and iptables controlling IPv4 (possible?)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: transparent proxy question
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables controlling IPv6 and iptables controlling IPv4 (possible?)
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Question about nf_conntrack_proto for IPsec
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Question about nf_conntrack_proto for IPsec
- From: Naruto Nguyen <narutonguyen2018@xxxxxxxxx>
- nftables controlling IPv6 and iptables controlling IPv4 (possible?)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: transparent proxy question
- From: Gregory Vander Schueren <gregory.vanderschueren@xxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Migrating from iptables to nft
- From: James Courtier-Dutton <james.dutton@xxxxxxxxx>
- Re: [nft 0.9.0] MSS clamping producing Error: Could not process rule: No such file or directory
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- [nft 0.9.0] MSS clamping producing Error: Could not process rule: No such file or directory
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: Conntrack cannot delete connections
- From: Benny Lyne Amorsen <benny+usenet@xxxxxxxxxx>
- Re: Conntrack cannot delete connections
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Conntrack cannot delete connections
- From: Benny Lyne Amorsen <benny+usenet@xxxxxxxxxx>
- when nfqnl_test utility ( libnetfilter_queue project ) drops a packet the utility receives this packet again (in the loop)
- From: Valeri Sytnik <valeri.sytnik@xxxxxxxxx>
- Re: Question about nf_conntrack_proto for IPsec
- From: Florian Westphal <fw@xxxxxxxxx>
- Question about nf_conntrack_proto for IPsec
- From: Naruto Nguyen <narutonguyen2018@xxxxxxxxx>
- Two suggestions for the nftables wiki
- From: Elizondo Camacho <357efbc12@xxxxxxxxx>
- [ANNOUNCE] nftables 0.9.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: nft ct original oddity
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: nft ct original oddity
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft ct original oddity
- From: Florian Westphal <fw@xxxxxxxxx>
- nft ct original oddity
- From: Simon Kirby <sim@xxxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- [ANNOUNCE] ipset 7.2 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: "iam@xxxxxxxxxxx" <iam@xxxxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Vladimir Khailenko <vkhailenko@xxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Vladimir Khailenko <vkhailenko@xxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Florian Westphal <fw@xxxxxxxxx>
- How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Vladimir Khailenko <vkhailenko@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- How to restore CONNMARKs in raw table?
- From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Nicolas Bock <nicolasbock@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Dmitrii Tcvetkov <demfloro@xxxxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Nicolas Bock <nicolasbock@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Using SYN Proxy to protect servers that have different wscale
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- iptables on kernel 5.1.x
- From: Nicolas Bock <nicolasbock@xxxxxxxxx>
- Announcing Netdev 0x14
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
- [ANNOUNCE] iptables 1.8.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.1.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Netfilter + fail2ban + SSH in docker.... I am doing something wrong
- From: John Covici <covici@xxxxxxxxxxxxxx>
- Re: Using Map/Set from different table
- From: Florian Westphal <fw@xxxxxxxxx>
- Using Map/Set from different table
- From: Zheng konia <konianet@xxxxxxxxx>
- Content problem in Simple rule management - nftables wiki
- From: 林博仁 <buo.ren.lin@xxxxxxxxx>
- Re: Fwd: filter packet ip|fqdn http destination
- From: Robert White <rwhite@xxxxxxxxx>
- Re: Writing a userland IP network crypto using netfilter mangling
- From: Robert White <rwhite@xxxxxxxxx>
- Re: ESTABLISHED and ACK PSH
- From: Roman Serbski <mefystofel@xxxxxxxxx>
- Re: ESTABLISHED and ACK PSH
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- ESTABLISHED and ACK PSH
- From: Roman Serbski <mefystofel@xxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- replace iptables to nftables
- From: Thiago Anderson <sod.thiago@xxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- RE: How to debug iptables/conntrack?
- From: Dexuan Cui <decui@xxxxxxxxxxxxx>
- Re: How to debug iptables/conntrack?
- From: Florian Westphal <fw@xxxxxxxxx>
- How to debug iptables/conntrack?
- From: Dexuan Cui <decui@xxxxxxxxxxxxx>
- conntrackd.conf: multiple IP addresses in the IPv4_Destination_Address field
- From: Sergey Nikitin <oldnick.ru@xxxxxxxxx>
- Re: Using SYN Proxy to protect servers that have different wscale
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Using SYN Proxy to protect servers that have different wscale
- From: Florian Westphal <fw@xxxxxxxxx>
- Using SYN Proxy to protect servers that have different wscale
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Unable to build nftables from git
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Unable to build nftables from git
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Unable to build nftables from git
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- "nft - f <file>" errors unless "nft flush ruleset" called first
- From: H Craig <hicksycle@xxxxxxxxx>
- Re: Chain outbound
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Re: Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- Re: Chain outbound
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- NFTables and Openvpn killswitch
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- ip6 nat nftables trouble
- From: Frank Carmickle <frank@xxxxxxxxxxxxx>
- Re: loose/strict source route option filtering
- From: Stephen Suryaputra <ssuryaextr@xxxxxxxxx>
- Re: loose/strict source route option filtering
- From: John Haxby <john.haxby@xxxxxxxxxx>
- loose/strict source route option filtering
- From: Stephen Suryaputra <ssuryaextr@xxxxxxxxx>
- Re: filter packet ip|fqdn http destination
- From: Gianluca Gargiulo <gianluca.gargiulo@xxxxxxxxx>
- Re: filter packet ip|fqdn http destination
- From: Humberto Jucá <betolj@xxxxxxxxx>
- Fwd: filter packet ip|fqdn http destination
- From: Gianluca Gargiulo <gianluca.gargiulo@xxxxxxxxx>
- Re: Fwd: Re: iptables: undefined symbol: xtables_find_target_revision
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Fwd: Re: iptables: undefined symbol: xtables_find_target_revision
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- conntrack-tools: conntrackd returns "[ERROR] unknown layer 3 protocol"
- From: Daniel Thiele <dthiele@xxxxxxx>
- Re: iptables: undefined symbol: xtables_find_target_revision
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]
