Hello,

Kerin Millar wrote:
> On Wed, 18 Dec 2024, at 12:09 PM, Jan Kasprzak wrote:
> > Hello, netfilter users,
> >
> > I am in a (long overdue) process of converting my iptables-based scripts
> > on my servers to nftables. I am also looking at what setup other users have
> > - I examined e.g. the configuration created by firewalld, and there are
> > some parts which I cannot understand from either nft(8) or nftables wiki:
> >
> >> $ nft list ruleset
> >> ...
> >> table inet firewalld { # progname firewalld
> >> flags owner,persist
> >
> > - where can I find what these flags mean, and what other flags are supported?
> > nft(8) lists only a "dormant" flag in the TABLES section, but not owner
> > nor persist.
>
> https://git.netfilter.org/nftables/diff/doc/nft.txt?id=4955ae1a81b73f9a61b7fbf1a73e11544513548e
>
> For your convenience, below is a textual rendition of the relevant section of the man page, as of nftables v1.1.1.

OK, it seems that I should stop assuming that Fedora has newer versions
of everything compared to rhel/alma/rocky. Currently both Fedora 41
and AlmaLinux 9.5 have nftables version labeled 1.0.9, but the Fedora man page
describes only the dormant flag, while AlmaLinux has all three flags.

Thanks for the explanation and sorry for the noise.

-Yenya

--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| https://www.fi.muni.cz/~kas/ GPG: 4096R/A45477D5 |
We all agree on the necessity of compromise. We just can't agree on
when it's necessary to compromise. --Larry Wall