Re: nft table flags documentation

On Wed, 18 Dec 2024, at 1:09 PM, Jan Kasprzak wrote:
> Hello,
>
> Kerin Millar wrote:
>> On Wed, 18 Dec 2024, at 12:09 PM, Jan Kasprzak wrote:
>> > Hello, netfilter users,
>> >
>> > I am in the (long overdue) process of converting my iptables-based scripts
>> > on my servers to nftables. I am also looking at what setup other users have
>> > - I examined e.g. the configuration created by firewalld, and there are
>> > some parts which I cannot understand from either nft(8) or the nftables wiki:
>> >
>> >> $ nft list ruleset
>> >> ...
>> >> table inet firewalld { # progname firewalld
>> >>         flags owner,persist
>> >
>> > - where can I find what these flags mean, and what other flags are supported?
>> > nft(8) lists only a "dormant" flag in the TABLES section, but not owner
>> > nor persist.
>> 
>> https://git.netfilter.org/nftables/diff/doc/nft.txt?id=4955ae1a81b73f9a61b7fbf1a73e11544513548e
>> 
>> For your convenience, below is a textual rendition of the relevant section of the man page, as of nftables v1.1.1.
>
> OK, it seems that I should stop assuming that Fedora has newer versions
> of everything compared to rhel/alma/rocky. Currently both Fedora 41
> and AlmaLinux 9.5 have nftables version labeled 1.0.9, but the Fedora man page
> describes only the dormant flag, while AlmaLinux has all three flags.
>
> Thanks for the explanation and sorry for the noise.

The reason for this is that AlmaLinux backported the relevant commit.

https://git.almalinux.org/rpms/nftables/commit/3d2e43c

-- 
Kerin Millar



