Re: nft table flags documentation

	Hello,

Kerin Millar wrote:
> On Wed, 18 Dec 2024, at 12:09 PM, Jan Kasprzak wrote:
> > Hello, netfilter users,
> >
> > I am in a (long overdue) process of converting my iptables-based scripts
> > on my servers to nftables. I am also looking at what setup other users have
> > - I examined e.g. the configuration created by firewalld, and there are
> > some parts which I cannot understand from either nft(8) or nftables wiki:
> >
> >> $ nft list ruleset
> >> ...
> >> table inet firewalld { # progname firewalld
> >>         flags owner,persist
> >
> > - where can I find what these flags mean, and what other flags are supported?
> > nft(8) lists only a "dormant" flag in the TABLES section, but not owner
> > nor persist.
> 
> https://git.netfilter.org/nftables/diff/doc/nft.txt?id=4955ae1a81b73f9a61b7fbf1a73e11544513548e
> 
> For your convenience, below is a textual rendition of the relevant section of the man page, as of nftables v1.1.1.

OK, it seems that I should stop assuming that Fedora has newer versions
of everything compared to rhel/alma/rocky. Currently both Fedora 41
and AlmaLinux 9.5 have nftables version labeled 1.0.9, but the Fedora man page
describes only the dormant flag, while AlmaLinux has all three flags.

Thanks for the explanation and sorry for the noise.

-Yenya

-- 
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| https://www.fi.muni.cz/~kas/                        GPG: 4096R/A45477D5 |
    We all agree on the necessity of compromise. We just can't agree on
    when it's necessary to compromise.                     --Larry Wall



