Linux Netfilter / IP Tables
[Prev Page][Next Page]
- Re: ipset: update timeout when IP matches, (continued)
- IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set,
Abhijeet Rastogi
- allow user to offload tc action to net device : Question, Martin Zaharinov
- Subject: Flowtables send packets to broadcast MAC address., Christian Worm Mortensen
- drop first SYN packet with nftables,
Stewart Nelson
- Ip route flush table X doesn't delete the table?, Varun Tewari
- Question about ulogd2 and hostname, italia azzura
- nft -f fails with netlink: Error: Could not process rule: Message too long,
Gio
- [ANNOUNCE] iptables 1.8.9 release, Phil Sutter
- [nft] src: allow for updating devices on existing netdev chain - Test result,
Martin Zaharinov
- Using sets across ip and netdev tables, Beep Beep
- [ANNOUNCE] ipset 7.17 released, Jozsef Kadlecsik
- NFT Flowtable HW Offload,
Martin Zaharinov
- bftables and scripts question,
ToddAndMargo
- netfilter flowtable software offload,
yves baumes
- ipset bug (kernel hang),
Марк Коренберг
- [ANNOUNCE] nftables 1.0.6 release, Pablo Neira Ayuso
- nftables tutorial for dummies?,
ToddAndMargo
- nf_conntrack_helper replacement?,
ToddAndMargo
- nftables: origin sport after dstnat,
Aaron Fischer
- Which of these 2 rules will consume more CPU? Please guide.,
Amish
- [ANNOUNCE] ipset 7.16 released, Jozsef Kadlecsik
- NAT6 One to One implement in kernel ?, ayaka
- Can Not Send Netlink Messages with Unshare(CLONE_NEWNET), Hang An
- [ANNOUNCE] libnftnl 1.2.4 release, Pablo Neira Ayuso
- nftables and IPv6 prefix delegation (regression vs ip6tables),
Ian Pilcher
- [ANNOUNCE] ulogd 2.0.8 release,
Pablo Neira Ayuso
- How to add set element with libnftnl?, Ian Pilcher
- Re: How to allow traffic over VPN across namespaces using nftables, Ruben Di Battista
- Updating set elements from command line,
Eric
- Reliably flushing individual tables in nftables,
Kevin P. Fleming
- [ANNOUNCE] conntrack-tools 1.4.7 release, Phil Sutter
- Kernel 6.0.0 bug pptp not work,
Martin Zaharinov
- Rule does not work. This is configuration error or bug?,
Bruno Meirelles
- Bug Report Flowtable NFT with kernel 5.19.9, Martin Zaharinov
- Re: Change in nft set element add syntax?,
Pablo Neira Ayuso
- BUG: soft lockup on kernel 5.19.9 when attempting FTP connections,
Bruno de Paula Larini
- [doc?] nftables; symbolic variable definition only allows suffixed comments, grin
- how to use meters?,
Kamil Jońca
- proper ICMPv6 syntax for specific daddr,
Tom
- Segmentation fault when starting conntrackd,
Viton, Pedro (Nokia - ES/Madrid)
- conntrackd "issue" in asymmetric scenario with TCP vs ICMP,
Martin Gignac
- [ANNOUNCE] 17th Netfilter Workshop in Seville, Spain,
Pablo Neira Ayuso
- List chain during attack high CPU usage,
Brskt
- egress hook, Lynx de Cat
- Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0, John Haxby
- Raw payload matching beyond 2040 bits,
Julien Moutinho
- Packets lost in netfilter & Altering outgoing packet's mac address,
Ludvig Sandh
- Running nft --check as non-root,
Peter Hoeg
- [ANNOUNCE] nftables 1.0.5 release,
Pablo Neira Ayuso
- [ANNOUNCE] libnftnl 1.2.3 release, Pablo Neira Ayuso
- Requirements for nft nat pre/postrouting chains?,
Dominique MARTINET
- Select a wrong source address on ipv4 masquerade, Hiroaki Mizuguchi
- REDIRECTing many ports to one leads to 4-tuple conflicts,
John Howard
CONNMARK rules,
Richard Lucassen
Bug in the wiki,
Nuno Gonçalves
Creating a map with libnftnl,
Kiernan George
limit usage, Ignacio Freyre
ABI Breakage - nftnl_rule_parse_attr_cb,
Kiernan George
Create Rule w/ Source IP Example,
Kiernan George
iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script,
Amish
Routing table does not assign correct output IP address after nftables "chain" chain, Tito Sacchi
Bridge table: binding the rules to specific instances of the bridge, Eugene Crosser
Support for String Match Blocking in NFTables,
Gmail Support
nf_queue flush on deletion,
Jordan Griege
extra chains for nftrace, Maximiliano Estudies
[ANNOUNCE] nftables 1.0.4 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.2 release, Pablo Neira Ayuso
IP DNAT on bridged packets destined to local process,
Shirisha Dasari
Validating this is the right conntrack ruleset,
Gio
mixed address family sets and rules in nft,
Marc Haber
libnftables JSON output does not show comment attribute for counter, Sandro
Possibly dangerous interpretation of address/prefix pair in -s option,
Stefan Riha
IPTables ISP Open Port Notices,
Robert Steinmetz
[ANNOUNCE] nftables 1.0.3 release, Pablo Neira Ayuso
traffic shaping with tc and nft,
Lars Noodén
exclude named sets,
Andrew Clark
set of sets, Matt Zagrabelny
nftables: priority handling for changes on the same table,
Florian Eckert
"nft --check" not warning about missing statement in rule,
Alexander Helmer
it is possible to use link group or vrf to make a netdev hook?, Alov, Igor
[ANNOUNCE] iptables 1.8.8 release, Phil Sutter
target and match expression "info" payload decoding in nftables expressions in netlink messages, Harald Albrecht
Question about "masquerade",
Kamil Jońca
Multiple protocols in conntrack tool filtering, Olivier
[ANNOUNCE] libnetfilter_cttimeout 1.0.1 release, Phil Sutter
[ANNOUNCE] libnetfilter_cthelper 1.0.1 release, Phil Sutter
cannot allow outbound ping traffic,
Linux Scoop
Number of rules?, paul.guijt
nft add element .. too many fiules opened,
Peter Hudec
Conditional inclusion of parts of nft file?,
Jesper Dybdal
using sets as snat targets in nat tables,
Maximiliano Estudies
NFTABLES - BRIDGE TRANSPARENT FIREWALL, Computer Planet
Re: nftables snat map with ports, Pablo Neira Ayuso
nftwatch bug fixes, flyingrhino
nft JSON rule output order,
Atkins, Brian
New tool to watch nftables counters - nftwatch, flyingrhino
Proper way to ipsec filtering,
Kamil Jońca
Proper way to use counters for a specific child chain, Gio
ebtables complains about the speeding up example,
Cédric Martínez Campos
Error when using 'time' statement in nftables 1.0.2 rule,
Martin Gignac
Dropping L2 PTP packets using nftables, Joseph Richard
[ANNOUNCE] libnfnetlink 1.0.2 release, Phil Sutter
Redirect rule directly dropping packet, Boyd, Patrick
[ANNOUNCE] libmnl 1.0.5 release, Phil Sutter
SNAT not translating all iperf3 packets,
dynexbeats
Misleading include documentation, Michaël PAULON
bug report and future request,
Martin Zaharinov
json_cmd not working as intended,
Francisco Albani
nftables portknocking,
Frank Wunderlich
NAT translation problem - leakage of packets with original source address,
Marcin Kabiesz
Port pool of CentOS machine, Ameen Al-Azzawi
IP SNAT in a bridge,
Marc SCHAEFER
nftables + docker,
Matthew Ellquist
[ANNOUNCE] nftables 1.0.2 release, Pablo Neira Ayuso
UDP IPVS: Incorrect conntrack entry in reply tuple, Vivek Thrivikraman
[ANNOUNCE] libnetfilter_conntrack 1.0.9 release, Florian Westphal
Want to match on a value from a map lookup, Kyle Rose
Named sets/maps and atomic reload of the ruleset,
Eugene Crosser
Directing some containers into a lower priority interface, Daniel Gray
[ANNOUNCE] Settlement with Patrick McHardy, Pablo Neira Ayuso
[RFC PATCH 0/2] landlock network implementation cover letter,
Konstantin Meskhidze
how to SNAT GRE tunneling?, G7fya GoQ8
nftables: Using ip6 dscp in maps, Brian Davidson
How to understand causes of invalid state for an OUPUT SYNACK packet,
Jerome Barotin
Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more,
etkaar
How to log NAT connections with nftables ?, Olivier
nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more,
etkaar
nftables stateless NAT in raw table mangles fragmented UDP packets,
Steffen Weinreich
Broken link,
yves baumes
Consolidating rules,
yves baumes
[RFC PATCH 0/1] Landlock network PoC,
Konstantin Meskhidze
nftables character limits?,
Gio
Re: [RFC PATCH 0/2] Landlock network PoC implementation,
Mickaël Salaün
Query on CLOSED conntrack entry for sctp,
Vivek Thrivikraman
packet drops after nft migration, Stanisław Czech
Matching metainformation cgroup fails on input, works on output.,
Vladimir Nikishkin
netfilter and virtual machines, Ross Boylan
delete matching rule like it can be done in case of iptables,
Amish
Meaning of "." (dot) in netfilter,
Ross Boylan
Recovery of packet size,
Michael Dickensheets
What is the GPRINT output plugin for?,
Vladimir Nikishkin
Both { tcp, udp} in meta vmap,
Matt Zagrabelny
[ANNOUNCE] nftables 1.0.1 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.1 release, Pablo Neira Ayuso
[ANNOUNCE] libnetfilter_log 1.0.2 release, Pablo Neira Ayuso
bridge-nf-filter-pppoe-tagged not working as expected,
Amish Chana
Issues with SIP NAT for SDP/RTP Addresses,
John Marrett
learning to understand iptables,
serando
reporting a bug?,
Matt Zagrabelny
nft named set address types,
Matt Zagrabelny
how to mark a prerouting package so it will go through my ip route rule,
Jelle de Jong
Improvements to the Home Router Wiki page,
Timothy Ham
Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests,
Philip Prindeville
Getting systemd-nspawn to work with my ruleset, Kevin P
nft list empty,
Nathan Wagner
capwap protocol nested header, pupilla
Flowtable hardware offload, iphone4004
nft numeric output translates tcp flags rule so it cannot be loaded again,
Benno
Deleting rules question,
Daniel
packet reassembling and fragmentation, VELARTIS Philipp Dürhammer
Netfilter flow schematic: routing decision and output hook question, Andrew Bate
broken page,
Paulo Ricardo Bruck
How to add overlapping CIDR blocks in a set and have a way delete them ?,
Shivam Sandbhor
How to load-balance tcp flows to internal dummy interfaces for parallel traffic capture?, Simon Mullis
testing if a named set exists?,
Matt Zagrabelny
netfilter 10,000' overview,
Jeff
Hashlimit without meters in nftables?, Mike Lee
nft set load metrics,
Cristian Constantin
upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message,
Cristian Constantin
invalid type, Paulo Ricardo Bruck
nft 0.9.8 - error in mnl.c - with addition hw interfaces,
Frank Wunderlich
conntrackd internal cache growing indefinitely in active-active setup,
Matt Mercer
integers byte order in netlink/NETLINK_NETFILTER messages,
Cristian Constantin
Re: list vmap counter errot, Pablo Neira Ayuso
base chains with same hook, same priority,
Cristian Constantin
wiki.nftables.org down?,
Matt Zagrabelny
Haproxy's "send-proxy-v2" doesn’t work when conntrack is disabled,
InterNetX - Marc Reymann
nft set type list, Fatih USTA
Error: conflicting intervals specified - Bullseye 0.9.8,
Daniel
conntrackd syncing specific ct zones,
Tobias Urdin
Upgrading from kernel 5.12.19 to 5.13.13 made "ct state invalid" match IPv6 link-local addresses in tunnels, Marcel Menzel
Cannot reference sets in later rules until next nft run,
martin f krafft
Fwd: IP daddr filtering not working for non-routable address,
Niko Kortström
Invalidate conntrack using iptables rule,
halfdog
How to disable network access for certain applications via nftables?, Sheran
[ANNOUNCE] nftables 1.0.0 release,
Pablo Neira Ayuso
conntrack: confirm existing but do not create new entries,
Eugene Crosser
NAT - how external source port is selected,
Daniel
AW: NAT - how external source port is selected, Thomas Bätzler
nft tool slow down due to large ipv4 addresses sets,
Cristian Constantin
[PATCH] conntrackd: cache: fix zone entry uniqueness in external cache,
Adam Casella
ulogd packet based logging with CT info,
Blažej Krajňák
nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
nftables - quota isn't working?,
pauloric
[Index of Archives]
[Linux Netfilter Development]
[Advanced Routing & Traffice Control]
[Netem]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
[Linux Kernel Development]