Linux TCP/IP Netfilter

• Thread Index

• Re: nftables NAT & Gaming Consoles
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• -m statistic does not work with 5.6.8
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
• Re: Correct usage of nf_ct_get
  • From: b38911 Zxc <b38911@xxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: Mauricio Tavares <raubvogel@xxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: Sơn Đỗ <sondd1096@xxxxxxxxx>
• Re: nftables NAT & Gaming Consoles
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• Re: nftables NAT & Gaming Consoles
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• nftables NAT & Gaming Consoles
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• Re: Firewall sometimes leaking [solved]
  • From: Nick <netfilter@xxxxxxxxxxx>
• Re: nftables: Strange Error When Adding Element to Named Set
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• Re: nftables: Strange Error When Adding Element to Named Set
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• nftables: Strange Error When Adding Element to Named Set
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• Correct usage of nf_ct_get
  • From: b38911 Zxc <b38911@xxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Firewall sometimes leaking
  • From: Nick <netfilter@xxxxxxxxxxx>
• Re: Firewall sometimes leaking
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Firewall sometimes leaking
  • From: Nick <netfilter@xxxxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: John Haxby <john.haxby@xxxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: Lazuardi Nasution <mrxlazuardin@xxxxxxxxx>
• Re: [Help] Allow website using iptables
  • From: Alessandro Vesely <vesely@xxxxxxx>
• [Help] Allow website using iptables
  • From: Sơn Đỗ <sondd1096@xxxxxxxxx>
• Using the fib to classify endpoints.
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: Documentation Error on http://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching
  • From: "" <kfm@xxxxxxxxxxxxx>
• Documentation Error on http://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching
  • From: Bob and Sally Public <bobandsally.public@xxxxxxxxxxx>
• Re: idempotent nft delete table? (or: why does "flush table" delete rules but keep chains?)
  • From: John Haxby <john.haxby@xxxxxxxxxx>
• Re: Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• idempotent nft delete table? (or: why does "flush table" delete rules but keep chains?)
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: nftables
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: nftables and traffic control utility to QoS
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: cannot create a nat type base (pre/post routing) chain
  • From: Norbert van Bolhuis <nvbolhuis@xxxxxxxxxxxx>
• Re: cannot create a nat type base (pre/post routing) chain
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: cannot create a nat type base (pre/post routing) chain
  • From: Norbert van Bolhuis <nvbolhuis@xxxxxxxxxxxx>
• cannot create a nat type base (pre/post routing) chain
  • From: Norbert van Bolhuis <nvbolhuis@xxxxxxxxxxxx>
• Re: nftables
  • From: Fatih USTA <fatihusta86@xxxxxxxxx>
• Re: nftables
  • From: Fatih USTA <fatihusta86@xxxxxxxxx>
• nftables
  • From: Patrick Greiff <Patrick7878@xxxxxx>
• Multicast routed packets do not get SNAT translation performed
  • From: Stephen Deiters <sdeiters@xxxxxxxxx>
• Questions around the use of timestamps
  • From: Nikolaos Kakouros <nkak@xxxxxx>
• nftables and traffic control utility to QoS
  • From: "d.gubin" <d.gubin@xxxxxxxxxxx>
• conntrack traffic statistics and connlabel
  • From: Fatih USTA <fatihusta86@xxxxxxxxx>
• Re: Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: Martin Gignac <martin.gignac@xxxxxxxxx>
• Re: has somebody an idea what fills up the log (5050/udp)?
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• has somebody an idea what fills up the log (5050/udp)?
  • From: "Walter H." <Walter.H@xxxxxxxxxxxxxxxxx>
• Re: Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: Martin Gignac <martin.gignac@xxxxxxxxx>
• Re: query re dynamic set and limiting
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• possible error in HOWTO
  • From: Fred Maranhão <fred.maranhao@xxxxxxxxx>
• Re: nfnetlink: This library is not meant as a public API for application developers.
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• ARP confirmed timestamp update on TCP data flow vs keep-alive
  • From: "Steffen Heil (Mailinglisten)" <lists@xxxxxxxxxxxxxxx>
• [PATCH v1 1/1] Update download script for DBIP database
  • From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
• [PATCH v1 1/1] update MaxMind URL's
  • From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
• [PATCH v1 1/1] Simplify unpacking start/end tuples from database
  • From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
• Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?
  • From: Martin Gignac <martin.gignac@xxxxxxxxx>
• query re dynamic set and limiting
  • From: James Bond <jb666531@xxxxxxxxx>
• WARNING: at net/sched/sch_generic.c - Reproducible crash & rcu stalls
  • From: "Christopher S. Aker" <caker@xxxxxxxxxxxx>
• Re: nfnetlink: This library is not meant as a public API for application developers.
  • From: Alessandro Vesely <vesely@xxxxxxx>
• marking/routing packets breaks the conntrack rule for NAT
  • From: Mickael Bosch <mickael.bosch@xxxxxxxxxx>
• Re: nfnetlink: This library is not meant as a public API for application developers.
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Hello, I have some questions about flowtable.
  • From: James Bond <lfunwf@xxxxxxxxx>
• Re: [ANNOUNCE] nftlb 0.6 release
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: validate IPsec outgoing packets using NFtables
  • From: Florian Westphal <fw@xxxxxxxxx>
• validate IPsec outgoing packets using NFtables
  • From: Olivier Alabeatrix <oalabeatrix@xxxxxxxxx>
• Re: extending element timeout
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: extending element timeout
  • From: Alvaro Leiva <alvaroflmiranda@xxxxxxxxx>
• Re: extending element timeout
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: extending element timeout
  • From: Alvaro Leiva <alvaroflmiranda@xxxxxxxxx>
• Re: extending element timeout
  • From: Laura Garcia <nevola@xxxxxxxxx>
• extending element timeout
  • From: Alvaro Leiva <alvaroflmiranda@xxxxxxxxx>
• Re: [ANNOUNCE] nftables 0.9.4 release
  • From: Brett Mastbergen <bmastbergen@xxxxxxxxxxxx>
• Re: [ANNOUNCE] nftables 0.9.4 release
  • From: sbezverk <sbezverk@xxxxxxxxx>
• Re: [ANNOUNCE] nftables 0.9.4 release
  • From: Phil Sutter <phil@xxxxxx>
• Re: [ANNOUNCE] nftables 0.9.4 release
  • From: sbezverk <sbezverk@xxxxxxxxx>
• Re: [ANNOUNCE] nftables 0.9.4 release
  • From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
• [ANNOUNCE] conntrack-tools 1.4.6
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnetfilter_conntrack 1.0.8 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnftnl 1.1.6 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] nftables 0.9.4 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [ANNOUNCE] nftlb 0.6 release
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: [ANNOUNCE] nftlb 0.6 release
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• [ANNOUNCE] nftlb 0.6 release
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: [nftables 0.9.2 | flow table] dynamic (soft) NETDEV
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Eric Garver <eric@xxxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Daniel <tech@xxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Daniel <tech@xxxxxxxxxx>
• netem qdisc destroys traffic in other tc classes (HFSC classes)
  • From: <kaskada@xxxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
• batch update of conntrack?
  • From: <kaskada@xxxxxxxx>
• Re: [nftables 0.9.2 | flow table] dynamic (soft) NETDEV
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: What is the BEST GUI frontend to iptables firewall?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2 | flow table] check whether it works?
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nftables 0.9.2 | flow table] check whether it works?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [libnftnl] documentation?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables 0.9.2 | flow table] check whether it works?
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl] documentation?
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [libnftnl] documentation?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [libnftnl] documentation?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [libnftnl] documentation?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [libnftnl] documentation?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• [libnftnl] documentation?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2 | flow table] check whether it works?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: A question about priority in chains
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: A question about priority in chains
  • From: darius <dram@xxxxxxxxxxx>
• Re: A question about priority in chains
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• A question about priority in chains
  • From: darius <dram@xxxxxxxxxxx>
• Re: tc question about ingress bandwidth splitting
  • From: Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: tc question about ingress bandwidth splitting
  • From: Marc SCHAEFER <schaefer@xxxxxxxxxxx>
• Re: tc question about ingress bandwidth splitting
  • From: Gáspár Lajos <swifty@xxxxxxxxx>
• Re: Ipv6tov4 address Dnat
  • From: Fatih USTA <fatihusta86@xxxxxxxxx>
• Ipv6tov4 address Dnat
  • From: Zheng konia <konianet@xxxxxxxxx>
• tc question about ingress bandwidth splitting
  • From: Philip Prindeville <philipp_subx@xxxxxxxxxxxxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Darius <dram@xxxxxxxxxxx>
• [nftables 0.9.2 | flow table] check whether it works?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: TCP and UDP dport in the same rule
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• TCP and UDP dport in the same rule
  • From: Darius <dram@xxxxxxxxxxx>
• Re: nftables 0.9.3, sets with concatentation
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: nftables 0.9.3, sets with concatentation
  • From: Stefan Hartmann <stefanh@xxxxxxxxxxxx>
• [nftables 0.9.2 | flow table] dynamic (soft) NETDEV
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: nftables 0.9.3, sets with concatentation
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: nftables 0.9.3, sets with concatentation
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: nftables 0.9.3, sets with concatentation
  • From: Florian Westphal <fw@xxxxxxxxx>
• nftables 0.9.3, sets with concatentation
  • From: Stefan Hartmann <stefanh@xxxxxxxxxxxx>
• Interface group ID in flow tables?
  • From: Robert White <rwhite@xxxxxxxxx>
• Boundary Flag for "site" (IPv6) [Kernel Change?]
  • From: Robert White <rwhite@xxxxxxxxx>
• Re: [nftables 0.9.2] NETDEV packet drop vs. packet capture visibility
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2] NETDEV packet drop vs. packet capture visibility
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [nftables 0.9.2] NETDEV packet drop vs. packet capture visibility
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2 | kernel 4.19.93] flowtable throws error on deployment (not on check however)
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2 | kernel 4.19.93] flowtable - number of devices limited (7)?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2 | kernel 4.19.93] flowtable throws error on deployment (not on check however)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nftables 0.9.2 | kernel 4.19.93] flowtable - number of devices limited (7)?
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Advantage(s) of static over dynamic nftables sets?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: Advantage(s) of static over dynamic nftables sets?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Advantage(s) of static over dynamic nftables sets?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: Advantage(s) of static over dynamic nftables sets?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Advantage(s) of static over dynamic nftables sets?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: Advantage(s) of static over dynamic nftables sets?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Advantage(s) of static over dynamic nftables sets?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• [nftables 0.9.2 | kernel 4.19.93] flowtable throws error on deployment (not on check however)
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• [nftables 0.9.2 | kernel 4.19.93] flowtable - number of devices limited (7)?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2 | kernel 4.19.93] dropping ct state untracked stops ipv6 connectivity
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables 0.9.2 | kernel 4.19.93] dropping ct state untracked stops ipv6 connectivity
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2 | kernel 4.19.93] dropping ct state untracked stops ipv6 connectivity
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nftables 0.9.2 | kernel 4.19.93] dropping ct state untracked stops ipv6 connectivity
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: nft ingress won't work on wireless ?
  • From: sean darcy <seandarcy2@xxxxxxxxx>
• Re: Waiting until first release of NFTABLES
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: Waiting until first release of NFTABLES
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: use libiptc to build a rule to allow tftp traffic
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: use libiptc to build a rule to allow tftp traffic
  • From: Moyuan Chen <moyuan.chen@xxxxxxxxx>
• Re: Restoring rulesets containing dynamic sets with counters
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: Restoring rulesets containing dynamic sets with counters
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: Restoring rulesets containing dynamic sets with counters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Restoring rulesets containing dynamic sets with counters
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nft ingress won't work on wireless ?
  • From: sean darcy <seandarcy2@xxxxxxxxx>
• Restoring rulesets containing dynamic sets with counters
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• nftables wiki
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: nft ingress won't work on wireless ?
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nftables equivalent of "ipset test"?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: nftables equivalent of "ipset test"?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: nftables equivalent of "ipset test"?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: nftables equivalent of "ipset test"?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nftables equivalent of "ipset test"?
  • From: "" <kfm@xxxxxxxxxxxxx>
• nftables equivalent of "ipset test"?
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: Found extra tables in nft ruleset
  • From: Lars Noodén <lars.nooden@xxxxxxx>
• Re: nft ingress won't work on wireless ?
  • From: sean darcy <seandarcy2@xxxxxxxxx>
• nft ingress won't work on wireless ?
  • From: sean darcy <seandarcy2@xxxxxxxxx>
• Re: Demystifying sets
  • From: jon_netfilter@xxxxxxxxxxxxxxxxx
• Re: use numgen to create address in rule
  • From: Dennett Ingram <d@xxxxxxxxxx>
• Re: use numgen to create address in rule
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Set timeout, gc-interval and size parameters
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• use numgen to create address in rule
  • From: Dennett Ingram <d@xxxxxxxxxx>
• Re: Found extra tables in nft ruleset
  • From: Lars Noodén <lars.nooden@xxxxxxx>
• Re: Found extra tables in nft ruleset
  • From: Florian Westphal <fw@xxxxxxxxx>
• Found extra tables in nft ruleset
  • From: Lars Noodén <lars.nooden@xxxxxxx>
• Re: Why inet table doesn't support nat prerouting chain?
  • From: Glen Huang <heyhgl@xxxxxxxxx>
• Re: Why inet table doesn't support nat prerouting chain?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Why inet table doesn't support nat prerouting chain?
  • From: Glen Huang <heyhgl@xxxxxxxxx>
• Re: Is it possible to get a transparent proxy with Redsocks when using the new nftables?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Is it possible to get a transparent proxy with Redsocks when using the new nftables?
  • From: Verachten Bruno <gounthar@xxxxxxxxx>
• LXD Container can't access trough host address
  • From: Franz Schneider <Franz.Schneider@xxxxxxxxxxxxx>
• Re: Is it possible to get a transparent proxy with Redsocks when using the new nftables?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Is it possible to get a transparent proxy with Redsocks when using the new nftables?
  • From: Verachten Bruno <gounthar@xxxxxxxxx>
• Re: nftables offload doesn't seem to work
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: Demystifying sets
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: nftables offload doesn't seem to work
  • From: Patrick McLean <chutzpah@xxxxxxxxxx>
• nftables offload doesn't seem to work
  • From: Patrick McLean <chutzpah@xxxxxxxxxx>
• Demystifying sets
  • From: jon_netfilter@xxxxxxxxxxxxxxxxx
• wiki acess
  • From: pauloric@xxxxxxxxxxxxxxxx
• Re: loadbalance with 2 or more links
  • From: Laura Garcia <nevola@xxxxxxxxx>
• loadbalance with 2 or more links
  • From: pauloric@xxxxxxxxxxxxxxxx
• Re: Waiting until first release of NFTABLES
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Waiting until first release of NFTABLES
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: Waiting until first release of NFTABLES
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Waiting until first release of NFTABLES
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: Waiting until first release of NFTABLES
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: Waiting until first release of NFTABLES
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: Waiting until first release of NFTABLES
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• [ANNOUNCE] ipset 7.6 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Typo in the 'Mangle TCP options' wiki pages
  • From: Pieter van Leuven <pieter@xxxxxxxxxxxxx>
• Waiting until first release of NFTABLES
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
  • From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
• Re: Automatically maintaining unique list of addresses
  • From: Lars Noodén <lars.nooden@xxxxxxx>
• Re: Automatically maintaining unique list of addresses
  • From: pauloric@xxxxxxxxxxxxxxxx
• Automatically maintaining unique list of addresses
  • From: Lars Noodén <lars.nooden@xxxxxxx>
• Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
  • From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
• Re: NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nftables "native interface" for IPv6 NPT?
  • From: Haochen Tong <i@xxxxxxxxxxxx>
• Re: Difficulties with ulog / NFCT
  • From: Alessandro Vesely <vesely@xxxxxxx>
• NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c
  • From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
• Re: Difficulties with ulog / NFCT
  • From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
• Re: Difficulties with ulog / NFCT
  • From: Alessandro Vesely <vesely@xxxxxxx>
• Re: Difficulties with ulog / NFCT
  • From: Alessandro Vesely <vesely@xxxxxxx>
• Resetting SKB CT
  • From: Mathew Heard <me@xxxxxxxxxx>
• Problems with CONNTRACK --restore-mark
  • From: Bernd Jerzyna <bjerzyna@xxxxxxxxx>
• Difficulties with ulog / NFCT
  • From: Alessandro Vesely <vesely@xxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: nfnetlink: This library is not meant as a public API for application developers.
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>
• Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• nfnetlink: This library is not meant as a public API for application developers.
  • From: Alessandro Vesely <vesely@xxxxxxx>
• Re: manipulating the ttl
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: Youseok Yang <ileixe@xxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: Youseok Yang <ileixe@xxxxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: "" <kfm@xxxxxxxxxxxxx>
• [nftables 0.9.2] does jump require a kconf to be set to get it working?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: 양유석 <ileixe@xxxxxxxxx>
• iptables MASQUERADE considering route source hints
  • From: Max Stritzinger <max@xxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: 양유석 <ileixe@xxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: 양유석 <ileixe@xxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: "G.W. Haywood" <ged@xxxxxxxxxxxxxxxxxx>
• Re: Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: 양유석 <ileixe@xxxxxxxxx>
• Does anybody experience kernel crush when 'ebtable -t nat -L'
  • From: 양유석 <ileixe@xxxxxxxxx>
• Re: Compiling nftables with stack-protector-strong fails checksec's canary check
  • From: Glen Huang <heyhgl@xxxxxxxxx>
• Compiling nftables with stack-protector-strong fails checksec's canary check
  • From: Glen Huang <heyhgl@xxxxxxxxx>
• [nftables] economics of reverse path filtering - FIB expression vs. kernel parameter
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• nftables "native interface" for IPv6 NPT?
  • From: Haochen Tong <i@xxxxxxxxxxxx>
• Netfilter state synchronisation in IPv6 only networks?
  • From: Nico Schottelius <nico.schottelius@xxxxxxxxxxx>
• Re: Metering is not working with dynamic sets on nft v0.9.2
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Metering is not working with dynamic sets on nft v0.9.2
  • From: darius <dram@xxxxxxxxxxx>
• Re: [firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• [firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: Redirect bridged traffic
  • From: Jaga Doe <jaga.doe@xxxxxxx>
• Re: Metering is not working with dynamic sets on nft v0.9.2
  • From: Darius <dram@xxxxxxxxxxx>
• Re: Metering is not working with dynamic sets on nft v0.9.2
  • From: Darius <dram@xxxxxxxxxxx>
• Re: Metering is not working with dynamic sets on nft v0.9.2
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Metering is not working with dynamic sets on nft v0.9.2
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Metering is not working with dynamic sets on nft v0.9.2
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Metering is not working with dynamic sets on nft v0.9.2
  • From: darius <dram@xxxxxxxxxxx>
• [nftables] inherent benefits from XDP?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
  • From: Gordon Fisher <gordfisherman@xxxxxxxxx>
• Re: Redirect bridged traffic
  • From: Jaga Doe <jaga.doe@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables] xtables-addons - GeoIP/ASN filter and lscan replicable?
  • From: pauloric@xxxxxxxxxxxxxxxx
• Re: Redirect bridged traffic
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Redirect bridged traffic
  • From: Jaga Doe <jaga.doe@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
  • From: "" <kfm@xxxxxxxxxxxxx>
• [nftables] xtables-addons - GeoIP/ASN filter and lscan replicable?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• [nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: Redirect bridged traffic
  • From: Florian Westphal <fw@xxxxxxxxx>
• Redirect bridged traffic
  • From: Jaga Doe <jaga.doe@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: BNF for nftables?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nftables routing decision
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
  • From: Florian Westphal <fw@xxxxxxxxx>
• [nftables v0.9.2] inet <> ip | ip6 family tables processing order?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• [nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [MAINTENANCE] migrating git.netfilter.org
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: [MAINTENANCE] migrating git.netfilter.org
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [MAINTENANCE] migrating git.netfilter.org
  • From: José M. Guisado <guigom@xxxxxxxxxx>
• nftables simple configuration
  • From: Jaga Doe <jaga.doe@xxxxxxx>
• nftables routing decision
  • From: Иванов Роман <krey@xxxxxxxxxx>
• Re: Lint for nftables
  • From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: "" <kfm@xxxxxxxxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: "" <kfm@xxxxxxxxxxxxx>
• [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Is it possible to differentiate a nmap port scan from a syn flood attack?
  • From: Miriam Rico <miriam.rico@xxxxxxxxxxxx>
• Re: Lint for nftables
  • From: Florian Westphal <fw@xxxxxxxxx>
• Lint for nftables
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• BNF for nftables?
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: [nftables v0.9.2] hoplimit mutually exclusive with with saddr/daddr?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• [nftables v0.9.2] hoplimit mutually exclusive with with saddr/daddr?
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: nft -f fails to merge some chains in same table but defined in separate blocks
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• nft -f fails to merge some chains in same table but defined in separate blocks
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• [MAINTENANCE] migrating git.netfilter.org
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nftables atomic updates
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Re: nftables atomic updates
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• nftables atomic updates
  • From: Frank Myhr <fmyhr@xxxxxxxxxxx>
• Multiples Chain with same hook - Default-Behavior?
  • From: Thomas Luening <toml@xxxxxxx>
• Re: nft icmp type all?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nft icmp type all?
  • From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
• Re: nft icmp type all?
  • From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
• Re: Bulk loading of IP addresses or subnets in nftables?
  • From: Lars Noodén <lars.nooden@xxxxxxx>
• Re: nft multiple port exception
  • From: "" <kfm@xxxxxxxxxxxxx>
• nft multiple port exception
  • From: "david@xxxxxxxxx" <david@xxxxxxxxx>
• Re: Bulk loading of IP addresses or subnets in nftables?
  • From: "" <kfm@xxxxxxxxxxxxx>
• Bulk loading of IP addresses or subnets in nftables?
  • From: Lars Noodén <lars.nooden@xxxxxxx>
• Re: nft icmp type all?
  • From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
• Re: nftables: Allow NAT Access with Timeout
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• Re: manipulating the ttl
  • From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
• manipulating the ttl
  • From: Daniel Lakeland <dlakelan@xxxxxxxxxxxxxxxxxx>
• Re: TCP 4 way handshake or TCP Split Handshake Attack
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nft icmp type all?
  • From: "" <kfm@xxxxxxxxxxxxx>
• nft icmp type all?
  • From: Robert Sander <r.sander@xxxxxxxxxxxxxxxxxxx>
• Re: TCP 4 way handshake or TCP Split Handshake Attack
  • From: Fatih USTA <fatihusta86@xxxxxxxxx>
• Re: TCP 4 way handshake or TCP Split Handshake Attack
  • From: Florian Westphal <fw@xxxxxxxxx>
• TCP 4 way handshake or TCP Split Handshake Attack
  • From: Fatih USTA <fatihusta86@xxxxxxxxx>
• Policy routing Docker host not forwarding return traffic if marked
  • From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
• AW: nftables equivalent for iptables -m recent
  • From: "Sig Pam" <spam@xxxxxxxxx>
• Re: nftables: Allow NAT Access with Timeout
  • From: "" <kfm@xxxxxxxxxxxxx>
• nftables: Allow NAT Access with Timeout
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• Re: nftables equivalent for iptables -m recent
  • From: "" <kfm@xxxxxxxxxxxxx>
• nftables equivalent for iptables -m recent
  • From: "Sig Pam" <spam@xxxxxxxxx>
• Re: nftables static routing fails
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nftables static routing fails
  • From: david NEW <david@xxxxxxxxx>
• Re: nftables static routing fails
  • From: Daniel <tech@xxxxxxxxxx>
• Re: nftables static routing fails
  • From: Florian Westphal <fw@xxxxxxxxx>
• nftables static routing fails
  • From: david NEW <david@xxxxxxxxx>
• [ANNOUNCE] ipset 7.5 released
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Re: nft script file, using include with wildcards
  • From: Florian Westphal <fw@xxxxxxxxx>
• nft script file, using include with wildcards
  • From: Alberto Spin <a.spin@xxxxxxxxxxx>
• Re: Assertion error when using map
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Assertion error when using map
  • From: Changli Gao <xiaosuo@xxxxxxxxx>
• Re: Assertion error when using map
  • From: Florian Westphal <fw@xxxxxxxxx>
• IPv6 parsing issues in conntrackd?
  • From: Nico Schottelius <nico.schottelius@xxxxxxxxxxx>
• nftables with secmark and ipsec
  • From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
• Assertion error when using map
  • From: Changli Gao <xiaosuo@xxxxxxxxx>
• Re: [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
  • From: "" <kfm@xxxxxxxxxxxxx>
• [nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported
  • From: ѽ҉ᶬḳ℠ <vtol@xxxxxxx>
• Re: RFC -- IPTABLES vs NFTABLES vs BPFILTER
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• RFC -- IPTABLES vs NFTABLES vs BPFILTER
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: Weird/High CPU usage caused by LOG target
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: Weird/High CPU usage caused by LOG target
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: Weird/High CPU usage caused by LOG target
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Re: Weird/High CPU usage caused by LOG target
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: Weird/High CPU usage caused by LOG target
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: Weird/High CPU usage caused by LOG target
  • From: Thomas Korimort <tomkori@xxxxxxx>
• Weird/High CPU usage caused by LOG target
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• geoip not working as expected
  • From: Felix <felix@xxxxxxxx>
• Re: trying to duplicate udp packets destined for port 67 to port 6767 on same host
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• trying to duplicate udp packets destined for port 67 to port 6767 on same host
  • From: Mike <mike@xxxxxxxxxx>
• xt_cluster for IPv6
  • From: Valentin Vidić <vvidic@xxxxxxxxxxxxxxxxxxxxxx>
• How to forward marked packets with same local IP?
  • From: Felipe Arturo Polanco <felipeapolanco@xxxxxxxxx>
• [PATCH] nftables: Bump dependency on libnftnl to 1.1.5
  • From: Jan-Philipp Litza <jpl@xxxxxxxxx>
• Re: [ANNOUNCE] nftables 0.9.3 release
  • From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
• Re: nftables: No prefixes in anonymous sets?
  • From: Jan-Philipp Litza <jpl+direct@xxxxxxxxx>
• Re: [ANNOUNCE] ebtables 2.0.11 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] nftables 0.9.3 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nftables: No prefixes in anonymous sets?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: [ANNOUNCE] ebtables 2.0.11 release
  • From: Jan Engelhardt <jengelh@xxxxxxx>
• [ANNOUNCE] iptables 1.8.4 release
  • From: Phil Sutter <phil@xxxxxxxxxxxxx>
• [ANNOUNCE] ebtables 2.0.11 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] arptables 0.0.5 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnftnl 1.1.5 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• nftables: No prefixes in anonymous sets?
  • From: Jan-Philipp Litza <jpl+direct@xxxxxxxxx>
• Re: WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
  • From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
• Re: WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
  • From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
• WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack]
  • From: Harald Dunkel <harald.dunkel@xxxxxxxxxx>
• Re: Mysql has problem with synproxy
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Netfilter hook doesn't see all packets
  • From: Psyspy rambo <psyspy2020@xxxxxxxxx>
• Re: Netfilter hook doesn't see all packets
  • From: Psyspy rambo <psyspy2020@xxxxxxxxx>
• Re: Netfilter hook doesn't see all packets
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Netfilter hook doesn't see all packets
  • From: Psyspy rambo <psyspy2020@xxxxxxxxx>
• Re: Netfilter hook doesn't see all packets
  • From: Gordon Fisher <gordfisherman@xxxxxxxxx>
• Re: Doubts about netfilter + nftables and module
  • From: Elias Valea Peri <eliasvp@xxxxxxxxx>
• Re: Doubts about netfilter + nftables and module
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• Re: One more application available for nftables
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Netfilter hook doesn't see all packets
  • From: Psyspy rambo <psyspy2020@xxxxxxxxx>
• Re: One more application available for nftables
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• Doubts about netfilter + nftables and module
  • From: Elias Valea Peri <eliasvp@xxxxxxxxx>
• How to prevent SNAT rules from being applied to 'ICMP time exceeded' responses?
  • From: Gordon Fish <gordfisherman@xxxxxxxxx>
• Re: One more application available for nftables
  • From: Alessandro Vesely <vesely@xxxxxxx>
• Mysql has problem with synproxy
  • From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
• Re: One more application available for nftables
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Upgrading libnetfilter_queue to use nftables
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Netfilter hook doesn't see all packets
  • From: Psyspy rambo <psyspy2020@xxxxxxxxx>
• One more application available for nftables
  • From: Matt <matt-nft@xxxxxxxxxxxx>
• Re: ipset bitmap:port question
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Re: ipset bitmap:port question
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Re: ipset bitmap:port question
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Re: ipset bitmap:port question
  • From: İbrahim Ercan <ibrahim.metu@xxxxxxxxx>
• Re: Upgrading libnetfilter_queue to use nftables
  • From: Alessandro Vesely <vesely@xxxxxxx>
• Re: Upgrading libnetfilter_queue to use nftables
  • From: Florian Westphal <fw@xxxxxxxxx>
• ipset bitmap:port question
  • From: A L <mail@xxxxxxxxxxxxxx>
• Upgrading libnetfilter_queue to use nftables
  • From: Alessandro Vesely <vesely@xxxxxxx>
• Re: Trouble getting SYNPROXY to work.
  • From: Pierluigi Frullani Sinergy <p.frullani@xxxxxxxxxx>
• Re: Trouble getting SYNPROXY to work.
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• Re: Trouble getting SYNPROXY to work.
  • From: Pigi <pigi@xxxxxxxxx>
• Re: Trouble getting SYNPROXY to work.
  • From: Fatih USTA <fatihusta86@xxxxxxxxx>
• Trouble getting SYNPROXY to work.
  • From: Pigi <pigi@xxxxxxxxx>
• Re: ebtables dnat rule gets system frozen
  • From: Florian Westphal <fw@xxxxxxxxx>
• ebtables dnat rule gets system frozen
  • From: Tom Yan <tom.ty89@xxxxxxxxx>
• Length module, docs "incorrect" or something else?
  • From: Andreas Sikkema <ramdyne@xxxxxxx>
• [ANNOUNCE] ipset 7.4 released
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Re: IPv6 nft vs ip6tables - Local incompatibility ?
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• Distinguish local from routed traffic
  • From: Robert Dahlem <Robert.Dahlem@xxxxxxx>
• Re: IPv6 nft vs ip6tables - Local incompatibility ?
  • From: Florian Westphal <fw@xxxxxxxxx>
• IPv6 nft vs ip6tables - Local incompatibility ?
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• Re: Named sets with timeout
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: Named sets with timeout
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: Named sets with timeout
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: Named sets with timeout
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: Named sets with timeout
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Named sets with timeout
  • From: Matt <matt-nft@xxxxxxxxxxxx>
• Re: understanding my MASQURADING and SNAT problem
  • From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
• Re: understanding my MASQURADING and SNAT problem
  • From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
• Re: understanding my MASQURADING and SNAT problem
  • From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
• Been having mail server issues so been unable to reply properly
  • From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
• Re: understanding my MASQURADING and SNAT problem
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• Re: understanding my MASQURADING and SNAT problem
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• Re: understanding my MASQURADING and SNAT problem
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• understanding my MASQURADING and SNAT problem
  • From: Aaron Gray <aaronngray.lists@xxxxxxxxx>
• Re: nftables v0.9.0 netlink: Error: set is not a map
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• How to implement transparent proxy in bridge through nftables
  • From: Ttttabcd <ttttabcd@xxxxxxxxxxxxxx>
• Re: nftables v0.9.0 netlink: Error: set is not a map
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Snapped nftables
  • From: Paweł Krawczyk <pawel.krawczyk@xxxxxxxx>
• nftables v0.9.0 netlink: Error: set is not a map
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• CFS for Netdev 0x14 open!
  • From: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
• Status of BPFilter?
  • From: A L <mail@xxxxxxxxxxxxxx>
• Counting over a bridge
  • From: Cristian Morales Vega <christian.morales.vega@xxxxxxxxx>
• Re: flowtable breaks masquerade for dnat flows
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nft and defined variables
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• Re: nft and defined variables
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• flowtable breaks masquerade for dnat flows
  • From: "Jonathan Rudenberg" <jonathan@xxxxxxxxxxxx>
• Re: nft - execute command without returning error
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• syn-flag-check from outside not working
  • From: Thomas Luening <toml@xxxxxxx>
• nft - execute command without returning error
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• nft and defined variables
  • From: Daniel Huhardeaux <tech@xxxxxxxxxx>
• Re: nft tproxy without iproute2 rule
  • From: Norman Rasmussen <norman@xxxxxxxxxxxxxxx>
• Re: nft -- documentation on fib_addrtype missing, more data
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: nft -- documentation on fib_addrtype missing, more data
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nft -- documentation on fib_addrtype missing, more data
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nft -- documentation on fib_addrtype missing, more data
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nft -- documentation on fib_addrtype missing
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• nft -- documentation on fib_addrtype missing, more data
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• nft -- documentation on fib_addrtype missing
  • From: Stephen Satchell <list@xxxxxxxxxxxx>
• Re: nft tproxy without iproute2 rule
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nft: auto-merge set doesn't merge overlapping intervals
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• nft tproxy without iproute2 rule
  • From: Norman Rasmussen <norman@xxxxxxxxxxxxxxx>
• TEE target and gateway as MAC address
  • From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: sean darcy <seandarcy2@xxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Anton Rieger <rieger@xxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: "Neal P. Murphy" <neal.p.murphy@xxxxxxxxxxxx>
• minor change recommendation for https://wiki.nftables.org
  • From: Matt <matt-nft@xxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: Cannot add ip6 elements to a named set
  • From: Florian Westphal <fw@xxxxxxxxx>
• Cannot add ip6 elements to a named set
  • From: Matt <matt-nft@xxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• nft: auto-merge set doesn't merge overlapping intervals
  • From: Richard Stanway <r1ch@xxxxxxxxxxxxxx>
• How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• iptables TEE target and system slowdown
  • From: Vieri Di Paola <vieridipaola@xxxxxxxxx>
• Re: nft set elements: Comment not available for elements?
  • From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
• NAT statements in nft command documentation are misleading
  • From: Ted Roo <reject5514@xxxxxxxxx>
• Re: Intermix ip,ip6 saddr
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: Intermix ip,ip6 saddr
  • From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
• Re: [PATCH] ipset: Add wildcard support to net,iface
  • From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
• Re: [PATCH] ipset: Add wildcard support to net,iface
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [PATCH] ipset: Add wildcard support to net,iface
  • From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
• Re: How is nftables + IFB
  • From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
• Re: How is nftables + IFB
  • From: Anton Danilov <littlesmilingcloud@xxxxxxxxx>
• Intermix ip,ip6 saddr
  • From: Anton Rieger <rieger@xxxxxxxxx>
• Re: queue bypass not working?
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Regarding flowtables and conntrack
  • From: Otto Reinikainen <ottorei@xxxxxxxxxxxxxx>
• queue bypass not working?
  • From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
• nft set elements: Comment not available for elements?
  • From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
• Re: How is nftables + IFB
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• How is nftables + IFB
  • From: John Mok <a9121431@xxxxxxxxx>
• sip helper work with tcp?
  • From: "Brian J. Murrell" <brian@xxxxxxxxxxxxxxx>
• Re: Can't run meters example - "Could not process rule: Operation not supported"
  • From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
• Re: Can't run meters example - "Could not process rule: Operation not supported"
  • From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
• Re: Can't run meters example - "Could not process rule: Operation not supported"
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Can't run meters example - "Could not process rule: Operation not supported"
  • From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
• Re: Can't run meters example - "Could not process rule: Operation not supported"
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Can't run meters example - "Could not process rule: Operation not supported"
  • From: Oscar Muñoz Garrigós <osmuogar@xxxxxxxxx>
• Re: Determine cgroup ID for nftables
  • From: Pavel Volkov <sailor@xxxxxxxxxxxxxxxxxx>
• Re: Info on the "ct" selector
  • From: Florian Westphal <fw@xxxxxxxxx>
• Registration in bugtracker not working
  • From: Антон Блудов <anthony.bloodoff@xxxxxxxxx>
• Re: Determine cgroup ID for nftables
  • From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
• Info on the "ct" selector
  • From: Thomas <tad1073@xxxxxxxxx>
• Determine cgroup ID for nftables
  • From: Pavel Volkov <sailor@xxxxxxxxxxxxxxxxxx>
• server behind a nftables NAT
  • From: Luke Whittlesey <luke.whittlesey@xxxxxxxxx>
• Re: Loading nft
  • From: Jan Hauge <jha@xxxxxxx>
• Loading nft
  • From: Matt <matt-nft@xxxxxxxxxxxx>
• Re: ipt to nft
  • From: Eric Garver <eric@xxxxxxxxxxx>
• Clarification on dynamic nft sets
  • From: Damien Robert <damien.olivier.robert@xxxxxxxxx>
• ipt to nft
  • From: Matt <matt-nft@xxxxxxxxxxxx>
• Re: nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
  • From: Mikhail Morfikov <mmorfikov@xxxxxxxxx>
• Re: nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
  • From: Thomas Luening <toml@xxxxxxx>
• Re: nft ruleset help
  • From: Thomas Luening <toml@xxxxxxx>
• Re: nft ruleset help
  • From: Thomas <tad1073@xxxxxxxxx>
• nft ruleset help
  • From: Thomas <tad1073@xxxxxxxxx>
• Re: HA firewall providing "masquerade": SNAT the only way to go?
  • From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
• nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server
  • From: Jags <TheJags@xxxxxxxxxxxxxx>
• Re: Whither masquerading RANDOM_FULLY?
  • From: Florian Westphal <fw@xxxxxxxxx>
• RE: Whither masquerading RANDOM_FULLY?
  • From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
• Re: Whither masquerading RANDOM_FULLY?
  • From: Florian Westphal <fw@xxxxxxxxx>
• RE: Whither masquerading RANDOM_FULLY?
  • From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
• Re: Whither masquerading RANDOM_FULLY?
  • From: Florian Westphal <fw@xxxxxxxxx>
• Whither masquerading RANDOM_FULLY?
  • From: "Mike Spreitzer" <mspreitz@xxxxxxxxxx>
• Re: nftables Won't Restore with Timeout/Expire
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: nftables Won't Restore with Timeout/Expire
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• Re: Why MASQUERADE --to-ports ?
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• Re: Why MASQUERADE --to-ports ?
  • From: "Tom.L" <toml@xxxxxxx>
• Re: Why MASQUERADE --to-ports ?
  • From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
• Re: Why MASQUERADE --to-ports ?
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Why MASQUERADE --to-ports ?
  • From: "toml@xxxxxxx" <toml@xxxxxxx>
• Re: HA firewall providing "masquerade": SNAT the only way to go?
  • From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
• Re: HA firewall providing "masquerade": SNAT the only way to go?
  • From: Laura Garcia <nevola@xxxxxxxxx>
• HA firewall providing "masquerade": SNAT the only way to go?
  • From: Bernd Naumann <bena@xxxxxxxxxxxxxxx>
• Re: Lightweight ipset API?
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Philip Schaten <philip@xxxxxxxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Philip Schaten <philip@xxxxxxxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Philip Schaten <philip@xxxxxxxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Philip Schaten <philip@xxxxxxxxxxxxxx>
• Re: Packet Marks with UDP and portforwarding
  • From: Florian Westphal <fw@xxxxxxxxx>
• Packet Marks with UDP and portforwarding
  • From: Philip Schaten <philip@xxxxxxxxxxxxxx>
• Re: Lightweight ipset API?
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• IPTV
  • From: Info <info@xxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: Laura Garcia <nevola@xxxxxxxxx>
• eBPF for firewalls?
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Lightweight ipset API?
  • From: Ian Pilcher <arequipeno@xxxxxxxxx>
• Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
  • From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
• Re: Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
  • From: Kadlecsik József <kadlec@xxxxxxxxxxxxxxxxx>
• Subject: Kernel crash; ipset comments overwritten - ipset v6.23.
  • From: "G.W. Haywood" <netfilter@xxxxxxxxxxxxxxxxxx>
• [ANNOUNCE] nftables 0.9.2 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• [ANNOUNCE] libnftnl 1.1.4 release
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: Fail2ban integration
  • From: Nevo <nevo@xxxxxxxxx>
• Fail2ban integration
  • From: Kim Lee <kim_lee@xxxxxxxxxx>
• Re: Filtering specific bytes from packet layer 7 payload
  • From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
• Re: Filtering specific bytes from packet layer 7 payload
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Filtering specific bytes from packet layer 7 payload
  • From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
• Re: issue with conntrackd wrt handling dead connections
  • From: Michael Schnyder <mschnyder@xxxxxxxxxxxxxxxx>
• Filtering specific bytes from packet layer 7 payload
  • From: flyingrhino <flyingrhino@xxxxxxxxxxxx>
• Re: issue with conntrackd wrt handling dead connections
  • From: Florian Westphal <fw@xxxxxxxxx>
• issue with conntrackd wrt handling dead connections
  • From: Michael Schnyder <mschnyder@xxxxxxxxxxxxxxxx>
• Re: nat INPUT chain not used for local-to-local packets
  • From: zrm <zrm@xxxxxxxxxxxxxxx>
• Re: nftables Won't Restore with Timeout/Expire
  • From: Florian Westphal <fw@xxxxxxxxx>
• nftables Won't Restore with Timeout/Expire
  • From: Mike Dillinger <miked@xxxxxxxxxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: Laura Garcia <nevola@xxxxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: Duncan Roe <duncan_roe@xxxxxxxxxxxxxxx>
• Re: meter in 0.9.1 (nft noob question)
  • From: Laura Garcia <nevola@xxxxxxxxx>
• meter in 0.9.1 (nft noob question)
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• conntrack vs. ICMPv6 policy (RFC 4890)
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• [PATCH v1 1/1] Simplify unpacking start/end tuples from database
  • From: "Philip Prindeville" <philipp@xxxxxxxxxxxxxxxxxxxxx>
• Re: nftables: one rule to rule them all?
  • From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
• Re: nftables: one rule to rule them all?
  • From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
• Re: nftables: one rule to rule them all?
  • From: Florian Westphal <fw@xxxxxxxxx>
• nftables: one rule to rule them all?
  • From: Fran Fitzpatrick <francis.x.fitzpatrick@xxxxxxxxx>
• Re: connlimit unexplained behaviour with local connections
  • From: Nik <nik_cro@xxxxxxxxxxxxxx>
• Re: connlimit unexplained behaviour with local connections
  • From: Florian Westphal <fw@xxxxxxxxx>
• connlimit unexplained behaviour with local connections
  • From: Nik <nik_cro@xxxxxxxxxxxxxx>
• Re: "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
  • From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
• Re: "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
  • From: Florian Westphal <fw@xxxxxxxxx>
• "Byteorder mismatch" for "iifname {ppp*}"? (nft noob question)
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• [ANNOUNCE] ipset 7.3 released
  • From: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>
• Re: Backwards compatibility with iptables etc.
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Portknocking example wiki.nftables.org
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• Re: one chain, two hooks (nft noob question)
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: iiftype loopback vs. iif lo (nft noob question)
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: ct state vmap (nft noob question)
  • From: Florian Westphal <fw@xxxxxxxxx>
• one chain, two hooks (nft noob question)
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: ct state vmap (nft noob question)
  • From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
• Re: chain comments
  • From: "Trent W. Buck" <trentbuck@xxxxxxxxx>
• ct state vmap (nft noob question)
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• iiftype loopback vs. iif lo (nft noob question)
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Backwards compatibility with iptables etc.
  • From: Hans Malissa <hmalissa76@xxxxxxxxx>
• Portknocking example wiki.nftables.org
  • From: Matthias Maier <tamiko@xxxxxxxx>
• Re: nftables.service ".d" support
  • From: Reindl Harald <h.reindl@xxxxxxxxxxxxx>
• Re: nftables.service ".d" support
  • From: Amish <anon.amish@xxxxxxxxx>
• Re: chain comments
  • From: Florian Westphal <fw@xxxxxxxxx>
• chain comments
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• nftables.service ".d" support
  • From: trentbuck@xxxxxxxxx (Trent W. Buck)
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
• Re: nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
• nft version 0.9.1 add rule with match all using kernel 4.14
  • From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
• nft create chain in version 0.9.1?
  • From: Charles Eidsness <charles@xxxxxxxxxxxxxxxxxxx>
• [ANNOUNCE] New Netfilter core team member: Phil Sutter
  • From: Arturo Borrero Gonzalez <arturo@xxxxxxxxxxxxx>
• Re: 100% CPU utilization when running iptables (nft interface) as non-root user
  • From: Florian Westphal <fw@xxxxxxxxx>
• Re: Nftables replacement for -j CT --notrack
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Re: Nftables replacement for -j CT --notrack
  • From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
• Re: Nftables replacement for -j CT --notrack
  • From: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
• Nftables replacement for -j CT --notrack
  • From: Tomas Mudrunka <mudrunka@xxxxxxxxx>
• Traffic shaping and accounting using nftables (ISP scenario)
  • From: Tomas Mudrunka <mudrunka@xxxxxxxxx>