Linux Netfilter / IP Tables
nft tproxy failed to redirect on one system,
Carl Lei
Iptables and DDoS attacks,
Hack3rcon
Incompatibility when use python3-nftables and iptables-nft,
Wayne Bao
Incomprehensible behavior,
toml
nftables 1.0.6: snat with maps,
Mucha Marcin, Sieciuch.com
nftables 1.0.6: snat with maps,
Mucha Marcin, Sieciuch.com
I need help about to rewrite some iptables rules, hack3rcon
Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?,
toml
converting iptables/ip6tables to efficient nftables rules,
Tim Mooney
ct state module issue,
Matt Zagrabelny
nftables 1.0.8 showing invalid type for ip dscp,
Brian Davidson
skb->mark not cleared for MLDv2 Reports? (skb->mark == 212 / 0xd4),
Linus Lüssing
[ANNOUNCE] nftables 1.0.8 release, Pablo Neira Ayuso
Ingress filter issue with pedit, R Keith Beal
[ANNOUNCE] libnftnl 1.2.6 release,
Pablo Neira Ayuso
Doubt on Iptables protocol extension, Nayan Gadre
pedit "pass" nonfunctional on ingress?, Dave Taht
Processing nftable rules without loading them into the kernel,
George Shuklin
input rule for "related" UDP traffic, Holzwarth Dominique
Best practices on iif usage at persistent ruleset,
Serg
iptables debian 11 package,
Matthew Ellquist
NAT to multiple ranges,
Dmitry
wiki documentation error,
Michael Deegan
Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?,
Jason Vas Dias
ipset hash:net:port:net,
Марк Коренберг
Matching on protocols inside IPv6 IPSec AH (legacy vs nft),
Jacek Tomasiak
nft list sets changed behavior,
nft . ogxzcrqhuhgchbvxcs4j7wws
Modify packet without NAT,
public1020
Rule-based traffic/port mirroring, Sandip Gangakhedkar
HW Offload to Mellanox ConnectX-5, Wojciech Wrona
Resetting the timeout counter for a named set element?,
Lars Noodén
IPv4 Evil Bit,
Marek Küthe
nftables: How to stop further chain traversal after accept verdict,
Tushar Shinde
nftables 0.9.8 - unknown rule handle,
Daniel
nftables mark - tshark show [Frame is marked: False], Daniel
Filter access to user process sockets, Schewe, Jon RTX
Using netfilter to listen on events not working, Igor de Paula
[PATCH] netfilter: fix NULL pointer dereference in nf_confirm_cthelper, Tijs Van Buggenhout
Help use parsing to get a promiscuous level,
Igor de Paula
dst NETMAP,
Rob Hutton
How to configure "full cone" NAT using iptables,
Shane Wang
Documentation for nft-sync,
Ferenc Takacs - Ancelade.com
Why tproxy to 127.0.0.1:port doesn't make packets go through the input chain with iifname lo?,
Glen Huang
Understanding the network stack internals for multicast packets if there is both a raw socket and local subscriber for IGMP messages, Martin Tonusoo
Nft nat map/set net to net multi time, Martin Zaharinov
[PATCH 0/2] netfilter: nfnetlink_log & nfnetlink_queue: enable cgroup id socket info,
Patryk Sondej
ct state vmap no longer works on 6.3 kernel,
Rvfg
Possible to check if ip daddr belongs to an interface in the prerouting chain?,
Glen Huang
[Announce] Foomuuri - New firewall software using nftables, Kim B. Heino
How to use connection tracking with Docker?, Wenfay
Rule error using ct helper for TFTP,
Dario Alcocer
iptables 1.4.16.3 on a Zyxel Router: NOTRACK / CT --notrack not available,
Johannes Erwerle
Help/Advice with Ethernet NAT or "hub-mode" bridge,
Gabriel L. Somlo
Re: Help/Advice with Ethernet NAT or "hub-mode" bridge, Gabriel L. Somlo
Programmatically adding an element into a map using libnftnl,
Kiernan George
Creating a map programmatically using the C library libnftnl,
Kiernan George
Creating a map programmatically with libnftnl,
Kiernan George
nftables: Internal error when checking rules,
Serg
Both SNAT MAC and DNAT MAC on packet, Matthew Bellizzi
rate-limit ssh for both IPv4 and IPv6,
Tim Mooney
[ANNOUNCE] nftables 1.0.7 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.5 release,
Pablo Neira Ayuso
Translating iptables rules with TTL, HL and physdev to nftables,
gaaimen1997
Re: Bug report DNAT destination not work,
Florian Westphal
Could somebody please explain priorities correctly and in an understandable way?,
Binarus
DNS answer packet (UDP) can´t catch´d by application, Thomas Grünert
ipset: update timeout when IP matches,
Fourhundred Thecat
IPVS: conn_tab_bits param for ip_vs > 20 leads to default being set,
Abhijeet Rastogi
allow user to offload tc action to net device : Question, Martin Zaharinov
Subject: Flowtables send packets to broadcast MAC address., Christian Worm Mortensen
drop first SYN packet with nftables,
Stewart Nelson
Ip route flush table X doesn't delete the table?, Varun Tewari
Question about ulogd2 and hostname, italia azzura
nft -f fails with netlink: Error: Could not process rule: Message too long,
Gio
[ANNOUNCE] iptables 1.8.9 release, Phil Sutter
[nft] src: allow for updating devices on existing netdev chain - Test result,
Martin Zaharinov
Using sets across ip and netdev tables, Beep Beep
[ANNOUNCE] ipset 7.17 released, Jozsef Kadlecsik
NFT Flowtable HW Offload,
Martin Zaharinov
bftables and scripts question,
ToddAndMargo
netfilter flowtable software offload,
yves baumes
ipset bug (kernel hang),
Марк Коренберг
[ANNOUNCE] nftables 1.0.6 release, Pablo Neira Ayuso
nftables tutorial for dummies?,
ToddAndMargo
nf_conntrack_helper replacement?,
ToddAndMargo
nftables: origin sport after dstnat,
Aaron Fischer
Which of these 2 rules will consume more CPU? Please guide.,
Amish
[ANNOUNCE] ipset 7.16 released, Jozsef Kadlecsik
NAT6 One to One implement in kernel ?, ayaka
Can Not Send Netlink Messages with Unshare(CLONE_NEWNET), Hang An
[ANNOUNCE] libnftnl 1.2.4 release, Pablo Neira Ayuso
nftables and IPv6 prefix delegation (regression vs ip6tables),
Ian Pilcher
[ANNOUNCE] ulogd 2.0.8 release,
Pablo Neira Ayuso
How to add set element with libnftnl?, Ian Pilcher
Re: How to allow traffic over VPN across namespaces using nftables, Ruben Di Battista
Updating set elements from command line,
Eric
Reliably flushing individual tables in nftables,
Kevin P. Fleming
[ANNOUNCE] conntrack-tools 1.4.7 release, Phil Sutter
Kernel 6.0.0 bug pptp not work,
Martin Zaharinov
Rule does not work. This is configuration error or bug?,
Bruno Meirelles
Bug Report Flowtable NFT with kernel 5.19.9, Martin Zaharinov
Re: Change in nft set element add syntax?,
Pablo Neira Ayuso
BUG: soft lockup on kernel 5.19.9 when attempting FTP connections,
Bruno de Paula Larini
[doc?] nftables; symbolic variable definition only allows suffixed comments, grin
how to use meters?,
Kamil Jońca
proper ICMPv6 syntax for specific daddr,
Tom
Segmentation fault when starting conntrackd,
Viton, Pedro (Nokia - ES/Madrid)
conntrackd "issue" in asymmetric scenario with TCP vs ICMP,
Martin Gignac
[ANNOUNCE] 17th Netfilter Workshop in Seville, Spain,
Pablo Neira Ayuso
List chain during attack high CPU usage,
Brskt
egress hook, Lynx de Cat
Re: Upgrading iptables firewall on Red Hat Enterprise Linux 9.0, John Haxby
Raw payload matching beyond 2040 bits,
Julien Moutinho
Packets lost in netfilter & Altering outgoing packet's mac address,
Ludvig Sandh
Running nft --check as non-root,
Peter Hoeg
[ANNOUNCE] nftables 1.0.5 release,
Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.3 release, Pablo Neira Ayuso
Requirements for nft nat pre/postrouting chains?,
Dominique MARTINET
Select a wrong source address on ipv4 masquerade, Hiroaki Mizuguchi
REDIRECTing many ports to one leads to 4-tuple conflicts,
John Howard
CONNMARK rules,
Richard Lucassen
Bug in the wiki,
Nuno Gonçalves
Creating a map with libnftnl,
Kiernan George
limit usage, Ignacio Freyre
ABI Breakage - nftnl_rule_parse_attr_cb,
Kiernan George
Create Rule w/ Source IP Example,
Kiernan George
iptables 1.8.8 fails with error code 111 but iptables 1.8.7 succeeds with same script,
Amish
Routing table does not assign correct output IP address after nftables "chain" chain, Tito Sacchi
Bridge table: binding the rules to specific instances of the bridge, Eugene Crosser
Support for String Match Blocking in NFTables,
Gmail Support
nf_queue flush on deletion,
Jordan Griege
extra chains for nftrace, Maximiliano Estudies
[ANNOUNCE] nftables 1.0.4 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.2 release, Pablo Neira Ayuso
IP DNAT on bridged packets destined to local process,
Shirisha Dasari
Validating this is the right conntrack ruleset,
Gio
mixed address family sets and rules in nft,
Marc Haber
libnftables JSON output does not show comment attribute for counter, Sandro
Possibly dangerous interpretation of address/prefix pair in -s option,
Stefan Riha
IPTables ISP Open Port Notices,
Robert Steinmetz
[ANNOUNCE] nftables 1.0.3 release, Pablo Neira Ayuso
traffic shaping with tc and nft,
Lars Noodén
exclude named sets,
Andrew Clark
set of sets, Matt Zagrabelny
nftables: priority handling for changes on the same table,
Florian Eckert
"nft --check" not warning about missing statement in rule,
Alexander Helmer
it is possible to use link group or vrf to make a netdev hook?, Alov, Igor
[ANNOUNCE] iptables 1.8.8 release, Phil Sutter
target and match expression "info" payload decoding in nftables expressions in netlink messages, Harald Albrecht
Question about "masquerade",
Kamil Jońca
Multiple protocols in conntrack tool filtering, Olivier
[ANNOUNCE] libnetfilter_cttimeout 1.0.1 release, Phil Sutter
[ANNOUNCE] libnetfilter_cthelper 1.0.1 release, Phil Sutter
cannot allow outbound ping traffic,
Linux Scoop
Number of rules?, paul.guijt
nft add element .. too many fiules opened,
Peter Hudec
Conditional inclusion of parts of nft file?,
Jesper Dybdal
using sets as snat targets in nat tables,
Maximiliano Estudies
NFTABLES - BRIDGE TRANSPARENT FIREWALL, Computer Planet
Re: nftables snat map with ports, Pablo Neira Ayuso
nftwatch bug fixes, flyingrhino
nft JSON rule output order,
Atkins, Brian
New tool to watch nftables counters - nftwatch, flyingrhino
Proper way to ipsec filtering,
Kamil Jońca
Proper way to use counters for a specific child chain, Gio
ebtables complains about the speeding up example,
Cédric Martínez Campos
Error when using 'time' statement in nftables 1.0.2 rule,
Martin Gignac
Dropping L2 PTP packets using nftables, Joseph Richard
[ANNOUNCE] libnfnetlink 1.0.2 release, Phil Sutter
Redirect rule directly dropping packet, Boyd, Patrick
[ANNOUNCE] libmnl 1.0.5 release, Phil Sutter
SNAT not translating all iperf3 packets,
dynexbeats
Misleading include documentation, Michaël PAULON
bug report and future request,
Martin Zaharinov
json_cmd not working as intended,
Francisco Albani
nftables portknocking,
Frank Wunderlich
NAT translation problem - leakage of packets with original source address,
Marcin Kabiesz
Port pool of CentOS machine, Ameen Al-Azzawi
IP SNAT in a bridge,
Marc SCHAEFER
nftables + docker,
Matthew Ellquist
[ANNOUNCE] nftables 1.0.2 release, Pablo Neira Ayuso
UDP IPVS: Incorrect conntrack entry in reply tuple, Vivek Thrivikraman
[ANNOUNCE] libnetfilter_conntrack 1.0.9 release, Florian Westphal
Want to match on a value from a map lookup, Kyle Rose
Named sets/maps and atomic reload of the ruleset,
Eugene Crosser
Directing some containers into a lower priority interface, Daniel Gray
[ANNOUNCE] Settlement with Patrick McHardy, Pablo Neira Ayuso
[RFC PATCH 0/2] landlock network implementation cover letter,
Konstantin Meskhidze
how to SNAT GRE tunneling?, G7fya GoQ8
nftables: Using ip6 dscp in maps, Brian Davidson
How to understand causes of invalid state for an OUPUT SYNACK packet,
Jerome Barotin
Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more,
etkaar
How to log NAT connections with nftables ?, Olivier
nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more,
etkaar
nftables stateless NAT in raw table mangles fragmented UDP packets,
Steffen Weinreich
Broken link,
yves baumes
Consolidating rules,
yves baumes
[RFC PATCH 0/1] Landlock network PoC,
Konstantin Meskhidze