Linux TCP/IP Netfilter
[Prev Page][Next Page]
- Re: nftables static routing fails
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables static routing fails
- From: david NEW <david@xxxxxxxxx>
- [ANNOUNCE] ipset 7.5 released
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: nft script file, using include with wildcards
- From: Florian Westphal <fw@xxxxxxxxx>
- nft script file, using include with wildcards
- From: Alberto Spin <a.spin@xxxxxxxxxxx>
- Re: Assertion error when using map
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Assertion error when using map
- From: Changli Gao <xiaosuo@xxxxxxxxx>
- Re: Assertion error when using map
- From: Florian Westphal <fw@xxxxxxxxx>
- IPv6 parsing issues in conntrackd?
- From: Nico Schottelius <nico.schottelius@xxxxxxxxxxx>
- nftables with secmark and ipsec
- From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
- Assertion error when using map
- From: Changli Gao <xiaosuo@xxxxxxxxx>
- Re: [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
- From: "" <kfm@xxxxxxxxxxxxx>
- [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: RFC -- IPTABLES vs NFTABLES vs BPFILTER
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- RFC -- IPTABLES vs NFTABLES vs BPFILTER
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Weird/High CPU usage caused by LOG target
- From: Thomas Korimort <tomkori@xxxxxxx>
- Weird/High CPU usage caused by LOG target
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- geoip not working as expected
- From: Felix <felix@xxxxxxxx>
- Re: trying to duplicate udp packets destined for port 67 to port 6767 on same host
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- trying to duplicate udp packets destined for port 67 to port 6767 on same host
- From: Mike <mike@xxxxxxxxxx>
- xt_cluster for IPv6
- From: Valentin Vidić <vvidic@xxxxxxxxxxxxxxxxxxxxxx>
- How to forward marked packets with same local IP?
- From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
- [PATCH] nftables: Bump dependency on libnftnl to 1.1.5
- From: Jan-Philipp Litza <jpl@xxxxxxxxx>
- Re: [ANNOUNCE] nftables 0.9.3 release
- From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
- Re: nftables: No prefixes in anonymous sets?
- From: Jan-Philipp Litza <jpl+direct@xxxxxxxxx>
- Re: [ANNOUNCE] ebtables 2.0.11 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] nftables 0.9.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables: No prefixes in anonymous sets?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: [ANNOUNCE] ebtables 2.0.11 release
- From: Jan Engelhardt <jengelh@xxxxxxx>
- [ANNOUNCE] iptables 1.8.4 release
- From: Phil Sutter <phil@xxxxxxxxxxxxx>
- [ANNOUNCE] ebtables 2.0.11 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] arptables 0.0.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.1.5 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nftables: No prefixes in anonymous sets?
- From: Jan-Philipp Litza <jpl+direct@xxxxxxxxx>
- Re: WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
- From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
- Re: WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
- From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
- WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
- From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
- Re: Mysql has problem with synproxy
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: Netfilter hook doesn't see all packets
- From: Gordon Fisher <gordfisherman@xxxxxxxxx>
- Re: Doubts about netfilter + nftables and module
- From: Elias Valea Peri <eliasvp@xxxxxxxxx>
- Re: Doubts about netfilter + nftables and module
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: One more application available for nftables
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- Re: One more application available for nftables
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Doubts about netfilter + nftables and module
- From: Elias Valea Peri <eliasvp@xxxxxxxxx>
- How to prevent SNAT rules from being applied to 'ICMP time exceeded' responses?
- From: Gordon Fish <gordfisherman@xxxxxxxxx>
- Re: One more application available for nftables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Mysql has problem with synproxy
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: One more application available for nftables
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Upgrading libnetfilter_queue to use nftables
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Netfilter hook doesn't see all packets
- From: Psyspy rambo <psyspy2020@xxxxxxxxx>
- One more application available for nftables
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: ipset bitmap:port question
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Upgrading libnetfilter_queue to use nftables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Upgrading libnetfilter_queue to use nftables
- From: Florian Westphal <fw@xxxxxxxxx>
- ipset bitmap:port question
- From: A L <mail@xxxxxxxxxxxxxx>
- Upgrading libnetfilter_queue to use nftables
- From: Alessandro Vesely <vesely@xxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: Pierluigi Frullani Sinergy <p.frullani@xxxxxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: Pigi <pigi@xxxxxxxxx>
- Re: Trouble getting SYNPROXY to work.
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Trouble getting SYNPROXY to work.
- From: Pigi <pigi@xxxxxxxxx>
- Re: ebtables dnat rule gets system frozen
- From: Florian Westphal <fw@xxxxxxxxx>
- ebtables dnat rule gets system frozen
- From: Tom Yan <tom.ty89@xxxxxxxxx>
- Length module, docs "incorrect" or something else?
- From: Andreas Sikkema <ramdyne@xxxxxxx>
- [ANNOUNCE] ipset 7.4 released
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: IPv6 nft vs ip6tables - Local incompatibility ?
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Distinguish local from routed traffic
- From: Robert Dahlem <Robert.Dahlem@xxxxxxx>
- Re: IPv6 nft vs ip6tables - Local incompatibility ?
- From: Florian Westphal <fw@xxxxxxxxx>
- IPv6 nft vs ip6tables - Local incompatibility ?
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Re: Named sets with timeout
- From: Laura Garcia <nevola@xxxxxxxxx>
- Re: Named sets with timeout
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: Named sets with timeout
- From: Laura Garcia <nevola@xxxxxxxxx>
- Re: Named sets with timeout
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Named sets with timeout
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Named sets with timeout
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Been having mail server issues so been unable to reply properly
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: understanding my MASQURADING and SNAT problem
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- understanding my MASQURADING and SNAT problem
- From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
- Re: nftables v0.9.0 netlink: Error: set is not a map
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- How to implement transparent proxy in bridge through nftables
- From: Ttttabcd <ttttabcd@xxxxxxxxxxxxxx>
- Re: nftables v0.9.0 netlink: Error: set is not a map
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Snapped nftables
- From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
- nftables v0.9.0 netlink: Error: set is not a map
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- CFS for Netdev 0x14 open!
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
- Status of BPFilter?
- From: A L <mail@xxxxxxxxxxxxxx>
- Counting over a bridge
- From: Cristian Morales Vega <christian.morales.vega@xxxxxxxxx>
- Re: flowtable breaks masquerade for dnat flows
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft and defined variables
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Re: nft and defined variables
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- flowtable breaks masquerade for dnat flows
- From: "Jonathan Rudenberg" <jonathan@xxxxxxxxxxxx>
- Re: nft - execute command without returning error
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- syn-flag-check from outside not working
- From: Thomas Luening <toml@xxxxxxx>
- nft - execute command without returning error
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- nft and defined variables
- From: Daniel Huhardeaux <tech@xxxxxxxxxx>
- Re: nft tproxy without iproute2 rule
- From: Norman Rasmussen <norman@xxxxxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing, more data
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft -- documentation on fib_addrtype missing
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- nft -- documentation on fib_addrtype missing, more data
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- nft -- documentation on fib_addrtype missing
- From: Stephen Satchell <list@xxxxxxxxxxxx>
- Re: nft tproxy without iproute2 rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nft: auto-merge set doesn't merge overlapping intervals
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft tproxy without iproute2 rule
- From: Norman Rasmussen <norman@xxxxxxxxxxxxxxx>
- TEE target and gateway as MAC address
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: sean darcy <seandarcy2@xxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Anton Rieger <rieger@xxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- minor change recommendation for https://wiki.nftables.org
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Cannot add ip6 elements to a named set
- From: Florian Westphal <fw@xxxxxxxxx>
- Cannot add ip6 elements to a named set
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- nft: auto-merge set doesn't merge overlapping intervals
- From: Richard Stanway <r1ch@xxxxxxxxxxxxxx>
- How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- iptables TEE target and system slowdown
- From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
- Re: nft set elements: Comment not available for elements?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- NAT statements in nft command documentation are misleading
- From: Ted Roo <reject5514@xxxxxxxxx>
- Re: Intermix ip,ip6 saddr
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: Intermix ip,ip6 saddr
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: [PATCH] ipset: Add wildcard support to net,iface
- From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
- Re: [PATCH] ipset: Add wildcard support to net,iface
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [PATCH] ipset: Add wildcard support to net,iface
- From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
- Re: How is nftables + IFB
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: How is nftables + IFB
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Intermix ip,ip6 saddr
- From: Anton Rieger <rieger@xxxxxxxxx>
- Re: queue bypass not working?
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Regarding flowtables and conntrack
- From: Otto Reinikainen <ottorei@xxxxxxxxxxxxxx>
- queue bypass not working?
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- nft set elements: Comment not available for elements?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- Re: How is nftables + IFB
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- How is nftables + IFB
- From: John Mok <a9121431@xxxxxxxxx>
- sip helper work with tcp?
- From: "Brian J. Murrell" <brian@xxxxxxxxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Can't run meters example - "Could not process rule: Operation not supported"
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Can't run meters example - "Could not process rule: Operation not supported"
- From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
- Re: Determine cgroup ID for nftables
- From: Pavel Volkov <sailor@xxxxxxxxxxxxxxxxxx>
- Re: Info on the "ct" selector
- From: Florian Westphal <fw@xxxxxxxxx>
- Registration in bugtracker not working
- From: Антон Блудов <anthony.bloodoff@xxxxxxxxx>
- Re: Determine cgroup ID for nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Info on the "ct" selector
- From: Thomas <tad1073@xxxxxxxxx>
- Determine cgroup ID for nftables
- From: Pavel Volkov <sailor@xxxxxxxxxxxxxxxxxx>
- server behind a nftables NAT
- From: Luke Whittlesey <luke.whittlesey@xxxxxxxxx>
- Re: Loading nft
- From: Jan Hauge <jha@xxxxxxx>
- Loading nft
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: ipt to nft
- From: Eric Garver <eric@xxxxxxxxxxx>
- Clarification on dynamic nft sets
- From: Damien Robert <damien.olivier.robert@xxxxxxxxx>
- ipt to nft
- From: Matt <matt-nft@xxxxxxxxxxxx>
- Re: nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
- From: Thomas Luening <toml@xxxxxxx>
- Re: nft ruleset help
- From: Thomas Luening <toml@xxxxxxx>
- Re: nft ruleset help
- From: Thomas <tad1073@xxxxxxxxx>
- nft ruleset help
- From: Thomas <tad1073@xxxxxxxxx>
- Re: HA firewall providing "masquerade": SNAT the only way to go?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
- From: Jags <TheJags@xxxxxxxxxxxxxx>
- Re: Whither masquerading RANDOM_FULLY?
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: Whither masquerading RANDOM_FULLY?
- From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
- Re: Whither masquerading RANDOM_FULLY?
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: Whither masquerading RANDOM_FULLY?
- From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
- Re: Whither masquerading RANDOM_FULLY?
- From: Florian Westphal <fw@xxxxxxxxx>
- Whither masquerading RANDOM_FULLY?
- From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
- Re: nftables Won't Restore with Timeout/Expire
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables Won't Restore with Timeout/Expire
- From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: "Tom.L" <toml@xxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: Why MASQUERADE --to-ports ?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Why MASQUERADE --to-ports ?
- From: "toml@xxxxxxx" <toml@xxxxxxx>
- Re: HA firewall providing "masquerade": SNAT the only way to go?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- Re: HA firewall providing "masquerade": SNAT the only way to go?
- From: Laura Garcia <nevola@xxxxxxxxx>
- HA firewall providing "masquerade": SNAT the only way to go?
- From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
- Re: Lightweight ipset API?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Packet Marks with UDP and portforwarding
- From: Florian Westphal <fw@xxxxxxxxx>
- Packet Marks with UDP and portforwarding
- From: Philip Schaten <philip@xxxxxxxxxxxxxx>
- Re: Lightweight ipset API?
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- IPTV
- From: Info <info@xxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Laura Garcia <nevola@xxxxxxxxx>
- eBPF for firewalls?
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Lightweight ipset API?
- From: Ian Pilcher <arequipeno@xxxxxxxxx>
- Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
- Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
- From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
- [ANNOUNCE] nftables 0.9.2 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.1.4 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Fail2ban integration
- From: Nevo <nevo@xxxxxxxxx>
- Fail2ban integration
- From: Kim Lee <kim_lee@xxxxxxxxxx>
- Re: Filtering specific bytes from packet layer 7 payload
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Re: Filtering specific bytes from packet layer 7 payload
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Filtering specific bytes from packet layer 7 payload
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Re: issue with conntrackd wrt handling dead connections
- From: Michael Schnyder <mschnyder@xxxxxxxxxxxxxxxx>
- Filtering specific bytes from packet layer 7 payload
- From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
- Re: issue with conntrackd wrt handling dead connections
- From: Florian Westphal <fw@xxxxxxxxx>
- issue with conntrackd wrt handling dead connections
- From: Michael Schnyder <mschnyder@xxxxxxxxxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: nftables Won't Restore with Timeout/Expire
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables Won't Restore with Timeout/Expire
- From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Laura Garcia <nevola@xxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: meter in 0.9.1 (nft noob question)
- From: Laura Garcia <nevola@xxxxxxxxx>
- meter in 0.9.1 (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- conntrack vs. ICMPv6 policy (RFC 4890)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- [PATCH v1 1/1] Simplify unpacking start/end tuples from database
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- Re: nftables: one rule to rule them all?
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: nftables: one rule to rule them all?
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: nftables: one rule to rule them all?
- From: Florian Westphal <fw@xxxxxxxxx>
- nftables: one rule to rule them all?
- From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
- Re: connlimit unexplained behaviour with local connections
- From: Nik <nik_cro@xxxxxxxxxxxxxx>
- Re: connlimit unexplained behaviour with local connections
- From: Florian Westphal <fw@xxxxxxxxx>
- connlimit unexplained behaviour with local connections
- From: Nik <nik_cro@xxxxxxxxxxxxxx>
- Re: "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- Re: "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- [ANNOUNCE] ipset 7.3 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: Backwards compatibility with iptables etc.
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Portknocking example wiki.nftables.org
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: one chain, two hooks (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: iiftype loopback vs. iif lo (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: ct state vmap (nft noob question)
- From: Florian Westphal <fw@xxxxxxxxx>
- one chain, two hooks (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: ct state vmap (nft noob question)
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- Re: chain comments
- From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
- ct state vmap (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- iiftype loopback vs. iif lo (nft noob question)
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Backwards compatibility with iptables etc.
- From: Hans Malissa <hmalissa76@xxxxxxxxx>
- Portknocking example wiki.nftables.org
- From: Matthias Maier <tamiko@xxxxxxxx>
- Re: nftables.service ".d" support
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nftables.service ".d" support
- From: Amish <anon.amish@xxxxxxxxx>
- Re: chain comments
- From: Florian Westphal <fw@xxxxxxxxx>
- chain comments
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- nftables.service ".d" support
- From: trentbuck@xxxxxxxxx (Trent W. Buck)
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- Re: nft version 0.9.1 add rule with match all using kernel 4.14
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- nft version 0.9.1 add rule with match all using kernel 4.14
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- nft create chain in version 0.9.1?
- From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
- [ANNOUNCE] New Netfilter core team member: Phil Sutter
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: 100% CPU utilization when running iptables (nft interface) as non-root user
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Nftables replacement for -j CT --notrack
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: Nftables replacement for -j CT --notrack
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- Re: Nftables replacement for -j CT --notrack
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Nftables replacement for -j CT --notrack
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- Traffic shaping and accounting using nftables (ISP scenario)
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- NFT ratelimit with arbitrary timeframe
- From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: 100% CPU utilization when running iptables (nft interface) as non-root user
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- 100% CPU utilization when running iptables (nft interface) as non-root user
- From: Amish <anon.amish@xxxxxxxxx>
- Re: NAT rules failing with kernel 5.2
- From: Amish <anon.amish@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: NAT rules failing with kernel 5.2
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Florian Westphal <fw@xxxxxxxxx>
- NAT rules failing with kernel 5.2
- From: Amish <anon.amish@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: transparent proxy question
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: transparent proxy question
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: 3-way handshake sets conntrack timeout to max_retrans
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: nftables controlling IPv6 and iptables controlling IPv4 (possible?)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: transparent proxy question
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables controlling IPv6 and iptables controlling IPv4 (possible?)
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Question about nf_conntrack_proto for IPsec
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Question about nf_conntrack_proto for IPsec
- From: Naruto Nguyen <narutonguyen2018@xxxxxxxxx>
- nftables controlling IPv6 and iptables controlling IPv4 (possible?)
- From: Amish <anon.amish@xxxxxxxxx>
- Re: transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- 3-way handshake sets conntrack timeout to max_retrans
- From: Jakub Jankowski <shasta@xxxxxxxxxxx>
- Re: transparent proxy question
- From: Gregory Vander Schueren <gregory.vanderschueren@xxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- transparent proxy question
- From: Dk Jack <dnj0496@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Re: Connection timeouts due to INVALID state rule
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Connection timeouts due to INVALID state rule
- From: Will Storey <will@xxxxxxxxxxxxx>
- Migrating from iptables to nft
- From: James Courtier-Dutton <james.dutton@xxxxxxxxx>
- Re: [nft 0.9.0] MSS clamping producing Error: Could not process rule: No such file or directory
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- [nft 0.9.0] MSS clamping producing Error: Could not process rule: No such file or directory
- From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
- Re: Conntrack cannot delete connections
- From: Benny Lyne Amorsen <benny+usenet@xxxxxxxxxx>
- Re: Conntrack cannot delete connections
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Conntrack cannot delete connections
- From: Benny Lyne Amorsen <benny+usenet@xxxxxxxxxx>
- when nfqnl_test utility ( libnetfilter_queue project ) drops a packet the utility receives this packet again (in the loop)
- From: Valeri Sytnik <valeri.sytnik@xxxxxxxxx>
- Re: Question about nf_conntrack_proto for IPsec
- From: Florian Westphal <fw@xxxxxxxxx>
- Question about nf_conntrack_proto for IPsec
- From: Naruto Nguyen <narutonguyen2018@xxxxxxxxx>
- Two suggestions for the nftables wiki
- From: Elizondo Camacho <357efbc12@xxxxxxxxx>
- [ANNOUNCE] nftables 0.9.1 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: nft ct original oddity
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: nft ct original oddity
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nft ct original oddity
- From: Florian Westphal <fw@xxxxxxxxx>
- nft ct original oddity
- From: Simon Kirby <sim@xxxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Is this possible SYN Proxy bug?
- From: Florian Westphal <fw@xxxxxxxxx>
- Is this possible SYN Proxy bug?
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- [ANNOUNCE] ipset 7.2 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- Re: How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- How long TCP state change from SYN_RECV to ESTABLISHED should take?
- From: "iam@xxxxxxxxxxx" <iam@xxxxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Vladimir Khailenko <vkhailenko@xxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Vladimir Khailenko <vkhailenko@xxxxxxxxx>
- Re: How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Florian Westphal <fw@xxxxxxxxx>
- How to use concatenation ipv4_addr . inet_proto . inet_service
- From: Vladimir Khailenko <vkhailenko@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Fatih USTA <fatihusta86@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Re: How to restore CONNMARKs in raw table?
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- How to restore CONNMARKs in raw table?
- From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Nicolas Bock <nicolasbock@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Dmitrii Tcvetkov <demfloro@xxxxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Nicolas Bock <nicolasbock@xxxxxxxxx>
- Re: iptables on kernel 5.1.x
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Using SYN Proxy to protect servers that have different wscale
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- iptables on kernel 5.1.x
- From: Nicolas Bock <nicolasbock@xxxxxxxxx>
- Announcing Netdev 0x14
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
- [ANNOUNCE] iptables 1.8.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- [ANNOUNCE] libnftnl 1.1.3 release
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Netfilter + fail2ban + SSH in docker.... I am doing something wrong
- From: John Covici <covici@xxxxxxxxxxxxxx>
- Re: Using Map/Set from different table
- From: Florian Westphal <fw@xxxxxxxxx>
- Using Map/Set from different table
- From: Zheng konia <konianet@xxxxxxxxx>
- Content problem in Simple rule management - nftables wiki
- From: 林博仁 <buo.ren.lin@xxxxxxxxx>
- Re: Fwd: filter packet ip|fqdn http destination
- From: Robert White <rwhite@xxxxxxxxx>
- Re: Writing a userland IP network crypto using netfilter mangling
- From: Robert White <rwhite@xxxxxxxxx>
- Re: ESTABLISHED and ACK PSH
- From: Roman Serbski <mefystofel@xxxxxxxxx>
- Re: ESTABLISHED and ACK PSH
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- ESTABLISHED and ACK PSH
- From: Roman Serbski <mefystofel@xxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- replace iptables to nftables
- From: Thiago Anderson <sod.thiago@xxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- nat INPUT chain not used for local-to-local packets
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- RE: How to debug iptables/conntrack?
- From: Dexuan Cui <decui@xxxxxxxxxxxxx>
- Re: How to debug iptables/conntrack?
- From: Florian Westphal <fw@xxxxxxxxx>
- How to debug iptables/conntrack?
- From: Dexuan Cui <decui@xxxxxxxxxxxxx>
- conntrackd.conf: multiple IP addresses in the IPv4_Destination_Address field
- From: Sergey Nikitin <oldnick.ru@xxxxxxxxx>
- Re: Using SYN Proxy to protect servers that have different wscale
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: Using SYN Proxy to protect servers that have different wscale
- From: Florian Westphal <fw@xxxxxxxxx>
- Using SYN Proxy to protect servers that have different wscale
- From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Unable to build nftables from git
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Unable to build nftables from git
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Unable to build nftables from git
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- "nft - f <file>" errors unless "nft flush ruleset" called first
- From: H Craig <hicksycle@xxxxxxxxx>
- Re: Chain outbound
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Re: Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- Re: Chain outbound
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- Chain outbound
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- NFTables and Openvpn killswitch
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- ip6 nat nftables trouble
- From: Frank Carmickle <frank@xxxxxxxxxxxxx>
- Re: loose/strict source route option filtering
- From: Stephen Suryaputra <ssuryaextr@xxxxxxxxx>
- Re: loose/strict source route option filtering
- From: John Haxby <john.haxby@xxxxxxxxxx>
- loose/strict source route option filtering
- From: Stephen Suryaputra <ssuryaextr@xxxxxxxxx>
- Re: filter packet ip|fqdn http destination
- From: Gianluca Gargiulo <gianluca.gargiulo@xxxxxxxxx>
- Re: filter packet ip|fqdn http destination
- From: Humberto Jucá <betolj@xxxxxxxxx>
- Fwd: filter packet ip|fqdn http destination
- From: Gianluca Gargiulo <gianluca.gargiulo@xxxxxxxxx>
- Re: Fwd: Re: iptables: undefined symbol: xtables_find_target_revision
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Fwd: Re: iptables: undefined symbol: xtables_find_target_revision
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- conntrack-tools: conntrackd returns "[ERROR] unknown layer 3 protocol"
- From: Daniel Thiele <dthiele@xxxxxxx>
- Re: iptables: undefined symbol: xtables_find_target_revision
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Re: Fwd: Re: iptables: undefined symbol: xtables_find_target_revision
- From: nhhabsburglothringen <nhhabsburglothringen@xxxxxxxxx>
- Re: Fwd: Re: iptables: undefined symbol: xtables_find_target_revision
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Fwd: Re: iptables: undefined symbol: xtables_find_target_revision
- From: nhhabsburglothringen <nhhabsburglothringen@xxxxxxxxx>
- Writing a userland IP network crypto using netfilter mangling
- From: Kees-Jan Hermans <kees.jan.hermans@xxxxxxxxx>
- Re: iptables: undefined symbol: xtables_find_target_revision
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- ESTABLISHED tcp conntrack timeout
- From: Naruto Nguyen <narutonguyen2018@xxxxxxxxx>
- Re: iptables: undefined symbol: xtables_find_target_revision
- From: nhhabsburglothringen <nhhabsburglothringen@xxxxxxxxx>
- iptables: undefined symbol: xtables_find_target_revision
- From: nhhabsburglothringen <nhhabsburglothringen@xxxxxxxxx>
- Re: Banning IP addresses with extended timeout
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- What should happen when the size of a nftables set is reached?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Questions concerning the netdev table of nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Limiting connections with nft
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Questions concerning the netdev table of nftables
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Banning IP addresses with extended timeout
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Limiting connections with nft
- From: Florian Westphal <fw@xxxxxxxxx>
- Limiting connections with nft
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Banning IP addresses with extended timeout
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Questions concerning the netdev table of nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- nft delete rule
- From: murugesh pitchaiah <murugesh.pitchaiah@xxxxxxxxx>
- Re: Unable to build nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Unable to build nftables
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Unable to build nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Unable to build nftables
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Unable to build nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: [Q:][IPv6-NAT]How to let inner-host reach outside by IPv6-NAT
- From: 马树超 <shuchao.max@xxxxxxxxx>
- Re: [Q:][IPv6-NAT]How to let inner-host reach outside by IPv6-NAT
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- [Q:][IPv6-NAT]How to let inner-host reach outside by IPv6-NAT
- From: 马树超 <shuchao.max@xxxxxxxxx>
- [PATCH v3 2/2] Keep unpacked directories, and detect latest for rebuilding
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- [PATCH v3 1/2] Put database into country subdirectory
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- [PATCH v3 0/2] Further improvements to GeoLite2 migration
- From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
- Re: Translate iptables command to set mss size to nftables
- From: Florian Westphal <fw@xxxxxxxxx>
- Translate iptables command to set mss size to nftables
- From: Tobias Tertel <tobias.tertel@xxxxxxxxxx>
- SV: Nftables Hash perturb and general math
- From: André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>
- Re: Nftables Hash perturb and general math
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Nftables Hash perturb and general math
- From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
- Re: Netfilter + fail2ban + SSH in docker.... I am doing something wrong
- From: Felix Rubio <felix@xxxxxxxxx>
- Re: iptables to nftables question
- From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
- Re: Netfilter + fail2ban + SSH in docker.... I am doing something wrong
- From: n3phr0n <n3ph@xxxxxxxx>
- Netfilter + fail2ban + SSH in docker.... I am doing something wrong
- From: Felix Rubio Dalmau <felix@xxxxxxxxx>
- [ANNOUNCE] nftlb 0.4 release
- From: Laura Garcia <nevola@xxxxxxxxx>
- Netfilter + fail2ban + SSH in docker.... I am doing something wrong
- From: Felix Rubio Dalmau <felix@xxxxxxxxx>
- Re: iptables to nftables question
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- RE: iptables Configured ratelimit is not same as the rule shown in Rule display
- From: "Shivegowda, Naveen (Nokia - IN/Bangalore)" <naveen.shivegowda@xxxxxxxxx>
- Questions concerning the netdev table of nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: iptables to nftables question
- From: VDR User <user.vdr@xxxxxxxxx>
- iptables to nftables question
- From: Paul Fontenot <wpfontenot@xxxxxxxxxxx>
- How to efficiently collect nftables meter values?
- From: Piotr Jurkiewicz <piotr.jerzy.jurkiewicz@xxxxxxxxx>
- How to efficiently collect nftables meter values?
- From: Piotr Jurkiewicz <piotr.jerzy.jurkiewicz@xxxxxxxxx>
- Re: conntrackd - active/active asymmetric multi-path cluster - TCP SYN_SENT UNREPLIED
- From: Michael Gerlach | Reservix GmbH <michael.gerlach@xxxxxxxxxxx>
- Re: Nftables, netdev table, ingress hook and cgroup classes
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: [PATCH nf-next] netfilter: nft_osf: Add version option support
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: [PATCH 2/5 nft] json: osf: add version json support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH 4/5 nft] doc: add osf version option to man page
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH 3/5 nft] tests: py: add osf tests with versions
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH 1/5 nft] osf: add version fingerprint support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH 2/5 nft] json: osf: add version json support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH 5/5 nft] files: osf: update pf.os with newer OS fingerprints
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: [PATCH 2/5 nft] json: osf: add version json support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH libnftnl] expr: osf: add version option support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- [PATCH nf-next] netfilter: nft_osf: Add version option support
- From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
- Re: Nftables, netdev table, ingress hook and cgroup classes
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Nftables, netdev table, ingress hook and cgroup classes
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Nftables, netdev table, ingress hook and cgroup classes
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: A few questions concerning the "nft set" syntax
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Nftables, netdev table, ingress hook and cgroup classes
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- How to log network traffic through reading conntrack logging.
- From: Wambui Karuga <wambui.dev@xxxxxxxxx>
- SV: conntrackd - active/active asynchronous multi-path cluster - TCP SYN_SENT UNREPLIED
- From: André Paulsberg-Csibi (IBM Consultant) <Andre.Paulsberg-Csibi@xxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Florian Westphal <fw@xxxxxxxxx>
- RE: [ANNOUNCE] ipset 7.1 released
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: unclear documentation with ipsec policy matcher
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Re: unclear documentation with ipsec policy matcher
- From: Pierre Colombier <pcdwarf@xxxxxxxxxxx>
- Re: conntrackd - active/active asynchronous multi-path cluster - TCP SYN_SENT UNREPLIED
- From: n3phr0n <n3ph@xxxxxxxx>
- conntrackd - active/active asymmetric multi-path cluster - TCP SYN_SENT UNREPLIED
- From: n3phr0n <n3ph@xxxxxxxx>
- conntrackd - active/active asynchronous multi-path cluster - TCP SYN_SENT UNREPLIED
- From: n3phr0n <n3ph@xxxxxxxx>
- Re: iptables Configured ratelimit is not same as the rule shown in Rule display
- From: John Haxby <john.haxby@xxxxxxxxxx>
- iptables Configured ratelimit is not same as the rule shown in Rule display
- From: "Shivegowda, Naveen (Nokia - IN/Bangalore)" <naveen.shivegowda@xxxxxxxxx>
- Re: unclear documentation with ipsec policy matcher
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- unclear documentation with ipsec policy matcher
- From: Pierre Colombier <pcdwarf@xxxxxxxxxxx>
- Re: looking for help on applying fec to packets on an interface
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: looking for help on applying fec to packets on an interface
- From: dan <dandenson@xxxxxxxxx>
- A few questions concerning the "nft set" syntax
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: looking for help on applying fec to packets on an interface
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- RE: [ANNOUNCE] ipset 7.1 released
- From: <eliezer@xxxxxxxxxxxx>
- looking for help on applying fec to packets on an interface
- From: dan <dandenson@xxxxxxxxx>
- File handle leak in libnftables - nft_run_cmd_from_filename
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Nftables help fordwarding lan traffic to namespace
- From: VDR User <user.vdr@xxxxxxxxx>
- Re: flowtable in only one direction ?
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- update on netdev 0x13 conference
- From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
- Re: flowtable in only one direction ?
- From: Florian Westphal <fw@xxxxxxxxx>
- [ANNOUNCE] 15th Netfilter Workshop in Malaga, Spain
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- flowtable in only one direction ?
- From: Sean Darcy <seandarcy2@xxxxxxxxx>
- conditional flowtable ??
- From: sean darcy <seandarcy2@xxxxxxxxx>
- "--weekdays Thu" seems to always trigger a match (even if it's not a Thursday)
- From: "K. de Jong" <kees.dejong+dev@xxxxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Re: Question concerning expressions in the nftables rules
- From: Florian Westphal <fw@xxxxxxxxx>
- Question concerning expressions in the nftables rules
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Englobe interfaces
- From: Miriam Rico <miriam.rico@xxxxxxxxxxxx>
- Re: nftables - unable to delete last element of map
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- nftables - unable to delete last element of map
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Re: How to use SYNPROXY with nftables?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: How to use SYNPROXY with nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: How to use SYNPROXY with nftables?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Unable to build nftables from git
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: How to use SYNPROXY with nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Unable to build nftables from git
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Unable to build nftables from git
- From: Florian Westphal <fw@xxxxxxxxx>
- How to use SYNPROXY with nftables?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Unable to build nftables from git
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Nftables - can't flush table ip filter + expired certificate for netfilter.org
- From: Václav Zindulka <zindulka.vaclav@xxxxxxxxx>
- Re: Nftables - can't flush table ip filter + expired certificate for netfilter.org
- From: Florian Westphal <fw@xxxxxxxxx>
- Nftables - can't flush table ip filter + expired certificate for netfilter.org
- From: Václav Zindulka <zindulka.vaclav@xxxxxxxxx>
- Englobe interfaces
- From: Miriam Rico <miriam.rico@xxxxxxxxxxxx>
- Re: Use "flow-table" (meter) to block IPs
- From: Thomas Luening <toml@xxxxxxx>
- Re: Use "flow-table" (meter) to block IPs
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: weird issue with ebtables-restore
- From: Michael Taboada <michael@michaels.world>
- Re: synack packet invalid when client reconnecting with same src port because out of window?
- From: Dominique Martinet <asmadeus@xxxxxxxxxxxxx>
- Re: weird issue with ebtables-restore
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Use "flow-table" (meter) to block IPs
- From: Florian Westphal <fw@xxxxxxxxx>
- Use "flow-table" (meter) to block IPs
- From: Thomas Luening <toml@xxxxxxx>
- weird issue with ebtables-restore
- From: Michael Taboada <michael@michaels.world>
- Re: nftables "Set member cannot be prefix"
- From: "ad^2" <adsquaired@xxxxxxxxx>
- Re: synack packet invalid when client reconnecting with same src port because out of window?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: synack packet invalid when client reconnecting with same src port because out of window?
- From: Dominique Martinet <asmadeus@xxxxxxxxxxxxx>
- Re: synack packet invalid when client reconnecting with same src port because out of window?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: synack packet invalid when client reconnecting with same src port because out of window?
- From: Dominique Martinet <asmadeus@xxxxxxxxxxxxx>
- Re: synack packet invalid when client reconnecting with same src port because out of window?
- From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
- Re: nftables "Set member cannot be prefix"
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- synack packet invalid when client reconnecting with same src port because out of window?
- From: Dominique Martinet <asmadeus@xxxxxxxxxxxxx>
- General protection fault on boot.
- From: Daniel Palmer <daniel@xxxxxxxx>
- Fwd: nftables "Set member cannot be prefix"
- From: "ad^2" <adsquaired@xxxxxxxxx>
- Re: Forcing to accept packets on lower priorities
- From: Philipp Richter <richterphilipp.pops@xxxxxxxxx>
- Re: Flushing of the nftables rules takes a long time
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: No traction on default verdicts?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: No traction on default verdicts?
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: Forcing to accept packets on lower priorities
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: Flushing of the nftables rules takes a long time
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: nft 'ruleset'?
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: Conntrackd Fail Over Causing loss of network traffic
- From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
- Re: libnftables - undefined reference
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Re: libnftables - undefined reference
- From: Florian Westphal <fw@xxxxxxxxx>
- libnftables - undefined reference
- From: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
- Forcing to accept packets on lower priorities
- From: Philipp Richter <richterphilipp.pops@xxxxxxxxx>
- Re: 4.19.12 (debian): nf_conncount_destroy: general protection fault
- From: Harald Dunkel <harald.dunkel@xxxxxxxxx>
- Re: 4.19.12 (debian): nf_conncount_destroy: general protection fault
- From: Florian Westphal <fw@xxxxxxxxx>
- 4.19.12 (debian): nf_conncount_destroy: general protection fault
- From: Harald Dunkel <harald.dunkel@xxxxxxxxx>
- Re: nftables equivalent for ebtables BROUTING trick?
- From: Sergey Venkov <sergey.venkov@xxxxxxxxx>
- Re: Checking amount of connections in New state
- From: Jurek Golonko <jgolonko@xxxxxxxxxx>
- Re: Checking amount of connections in New state
- From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
- Checking amount of connections in New state
- From: Jurek Golonko <jgolonko@xxxxxxxxxx>
- Re: Mismatch in Rules-Translation?
- From: Thomas Luening <toml@xxxxxxx>
- Re: Deleting tables from included files causes a kernel BUG
- From: zrm <zrm@xxxxxxxxxxxxxxx>
- Re: Deleting tables from included files causes a kernel BUG
- From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
- Re: Deleting tables from included files causes a kernel BUG
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Deleting tables from included files causes a kernel BUG
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Deleting tables from included files causes a kernel BUG
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Mismatch in Rules-Translation?
- From: Thomas Luening <toml@xxxxxxx>
- Re: Deleting tables from included files causes a kernel BUG
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Syntax-Error with a Rule?
- From: Thomas Luening <toml@xxxxxxx>
- Re: Deleting tables from included files causes a kernel BUG
- From: Florian Westphal <fw@xxxxxxxxx>
- Deleting tables from included files causes a kernel BUG
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: netfilter/iptable change interferes with lo interface rules
- From: J B <jb.1234abcd@xxxxxxxxx>
- Conntrackd Fail Over Causing loss of network traffic
- From: "Mathew Duggan" <mat@xxxxxxxxxxxxx>
- Re: Syntax-Error with a Rule?
- From: Florian Westphal <fw@xxxxxxxxx>
- Syntax-Error with a Rule?
- From: Thomas Luening <toml@xxxxxxx>
- Connection tracking packet accounting off by one
- From: halfdog <me@xxxxxxxxxxx>
- Re: netfilter/iptable change interferes with lo interface rules
- From: J B <jb.1234abcd@xxxxxxxxx>
- netfilter/iptable change interferes with lo interface rules
- From: J B <jb.1234abcd@xxxxxxxxx>
- ebtables dnat mac rewrite bonding interface
- From: F L <ackowa@xxxxxxxxx>
- Re: Weird priorities: priority filter, priority raw - 1, priority mangle, etc
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Question about log rate limiting
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Nftables consumes 500M+ of RAM
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Weird priorities: priority filter, priority raw - 1, priority mangle, etc
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: Question about log rate limiting
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables won't accept default very simple empty filter chains on Armbian/espressobin
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: nftables won't accept default very simple empty filter chains on Armbian/espressobin
- From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
- Re: nftables won't accept default very simple empty filter chains on Armbian/espressobin
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables won't accept default very simple empty filter chains on Armbian/espressobin
- From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
- Re: nftables won't accept default very simple empty filter chains on Armbian/espressobin
- From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
- Re: Question about log rate limiting
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- nftables won't accept default very simple empty filter chains on Armbian/espressobin
- From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
- Re: Question about log rate limiting
- From: Florian Westphal <fw@xxxxxxxxx>
- Question about log rate limiting
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Passive FTP not working with iptables
- From: Stefanie Leisestreichler <stefanie.leisestreichler@xxxxxxxxxxxxxx>
- Weird priorities: priority filter, priority raw - 1, priority mangle, etc
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Flushing of the nftables rules takes a long time
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Nftables consumes 500M+ of RAM
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Passive FTP not working with iptables
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Passive FTP not working with iptables
- From: Stefanie Leisestreichler <stefanie.leisestreichler@xxxxxxxxxxxxxx>
- Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: How to port "-m multiport ! --sports 80,443" to nftables?
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Passive FTP not working with iptables
- From: Bruno de Paula Larini <bruno.larini@xxxxxxxxxxxxxx>
- How to port "-m multiport ! --sports 80,443" to nftables?
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Florian Westphal <fw@xxxxxxxxx>
- Re: Passive FTP not working with iptables
- From: Adel Belhouane <bugs.a.b@xxxxxxx>
- Re: Moving from ipset to nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Passive FTP not working with iptables
- From: Stefanie Leisestreichler <stefanie.leisestreichler@xxxxxxxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Amish <anon.amish@xxxxxxxxx>
- Re: Moving from ipset to nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
- Re: problem with limit rate
- From: GM <grzesiek20@xxxxxx>
- Re: Moving from ipset to nftables
- From: Amish <anon.amish@xxxxxxxxx>
- Moving from ipset to nftables
- From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
[Index of Archives]
[LARTC]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite News]
[Samba]