On Wed, 18 Dec 2024, at 1:09 PM, Jan Kasprzak wrote:
> Hello,
>
> Kerin Millar wrote:
>> On Wed, 18 Dec 2024, at 12:09 PM, Jan Kasprzak wrote:
>> > Hello, netfilter users,
>> >
>> > I am in a (long overdue) process of converting my iptables-based scripts
>> > on my servers to nftables. I am also looking at what setup other users have
>> > - I examined e.g. the configuration created by firewalld, and there are
>> > some parts which I cannot understand from either nft(8) or the nftables wiki:
>> >
>> >> $ nft list ruleset
>> >> ...
>> >> table inet firewalld { # progname firewalld
>> >> flags owner,persist
>> >
>> > - where can I find what these flags mean, and what other flags are supported?
>> > nft(8) lists only a "dormant" flag in the TABLES section, but not owner
>> > nor persist.
>>
>> https://git.netfilter.org/nftables/diff/doc/nft.txt?id=4955ae1a81b73f9a61b7fbf1a73e11544513548e
>>
>> For your convenience, below is a textual rendition of the relevant section of the man page, as of nftables v1.1.1.
>
> OK, it seems that I should stop assuming that Fedora has newer versions
> of everything compared to rhel/alma/rocky. Currently both Fedora 41
> and AlmaLinux 9.5 have nftables version labeled 1.0.9, but the Fedora man page
> describes only the dormant flag, while AlmaLinux has all three flags.
>
> Thanks for the explanation and sorry for the noise.

The reason for this is that AlmaLinux backported the relevant commit.

https://git.almalinux.org/rpms/nftables/commit/3d2e43c

-- 
Kerin Millar