Linux Netfilter / IP Tables
[Prev Page][Next Page]
- Dropping L2 PTP packets using nftables, Joseph Richard
- [ANNOUNCE] libnfnetlink 1.0.2 release, Phil Sutter
- Redirect rule directly dropping packet, Boyd, Patrick
- [ANNOUNCE] libmnl 1.0.5 release, Phil Sutter
- SNAT not translating all iperf3 packets,
dynexbeats
- Misleading include documentation, Michaël PAULON
- bug report and future request,
Martin Zaharinov
- json_cmd not working as intended,
Francisco Albani
- nftables portknocking,
Frank Wunderlich
NAT translation problem - leakage of packets with original source address,
Marcin Kabiesz
Port pool of CentOS machine, Ameen Al-Azzawi
IP SNAT in a bridge,
Marc SCHAEFER
nftables + docker,
Matthew Ellquist
[ANNOUNCE] nftables 1.0.2 release, Pablo Neira Ayuso
UDP IPVS: Incorrect conntrack entry in reply tuple, Vivek Thrivikraman
[ANNOUNCE] libnetfilter_conntrack 1.0.9 release, Florian Westphal
Want to match on a value from a map lookup, Kyle Rose
Named sets/maps and atomic reload of the ruleset,
Eugene Crosser
Directing some containers into a lower priority interface, Daniel Gray
[ANNOUNCE] Settlement with Patrick McHardy, Pablo Neira Ayuso
[RFC PATCH 0/2] landlock network implementation cover letter,
Konstantin Meskhidze
how to SNAT GRE tunneling?, G7fya GoQ8
nftables: Using ip6 dscp in maps, Brian Davidson
How to understand causes of invalid state for an OUPUT SYNACK packet,
Jerome Barotin
Re: nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more,
etkaar
How to log NAT connections with nftables ?, Olivier
nftables >= 0.9.8: atomic update (nft -f ...) of a set not possible any more,
etkaar
nftables stateless NAT in raw table mangles fragmented UDP packets,
Steffen Weinreich
Broken link,
yves baumes
Consolidating rules,
yves baumes
[RFC PATCH 0/1] Landlock network PoC,
Konstantin Meskhidze
nftables character limits?,
Gio
Re: [RFC PATCH 0/2] Landlock network PoC implementation,
Mickaël Salaün
Query on CLOSED conntrack entry for sctp,
Vivek Thrivikraman
packet drops after nft migration, Stanisław Czech
Matching metainformation cgroup fails on input, works on output.,
Vladimir Nikishkin
netfilter and virtual machines, Ross Boylan
delete matching rule like it can be done in case of iptables,
Amish
Meaning of "." (dot) in netfilter,
Ross Boylan
Recovery of packet size,
Michael Dickensheets
What is the GPRINT output plugin for?,
Vladimir Nikishkin
Both { tcp, udp} in meta vmap,
Matt Zagrabelny
[ANNOUNCE] nftables 1.0.1 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.1 release, Pablo Neira Ayuso
[ANNOUNCE] libnetfilter_log 1.0.2 release, Pablo Neira Ayuso
bridge-nf-filter-pppoe-tagged not working as expected,
Amish Chana
Issues with SIP NAT for SDP/RTP Addresses,
John Marrett
learning to understand iptables,
serando
reporting a bug?,
Matt Zagrabelny
nft named set address types,
Matt Zagrabelny
how to mark a prerouting package so it will go through my ip route rule,
Jelle de Jong
Improvements to the Home Router Wiki page,
Timothy Ham
Iptables, et al best practices for protecting KVM host sharing "hostdev" (ixgbe-vf) interfaces with guests,
Philip Prindeville
Getting systemd-nspawn to work with my ruleset, Kevin P
nft list empty,
Nathan Wagner
capwap protocol nested header, pupilla
Flowtable hardware offload, iphone4004
nft numeric output translates tcp flags rule so it cannot be loaded again,
Benno
Deleting rules question,
Daniel
packet reassembling and fragmentation, VELARTIS Philipp Dürhammer
Netfilter flow schematic: routing decision and output hook question, Andrew Bate
broken page,
Paulo Ricardo Bruck
How to add overlapping CIDR blocks in a set and have a way delete them ?,
Shivam Sandbhor
How to load-balance tcp flows to internal dummy interfaces for parallel traffic capture?, Simon Mullis
testing if a named set exists?,
Matt Zagrabelny
netfilter 10,000' overview,
Jeff
Hashlimit without meters in nftables?, Mike Lee
nft set load metrics,
Cristian Constantin
upper limit on number of ip addresses in an NFNL_SUBSYS_NFTABLES<<8|NFT_MSG_NEWSETELEM message,
Cristian Constantin
invalid type, Paulo Ricardo Bruck
nft 0.9.8 - error in mnl.c - with addition hw interfaces,
Frank Wunderlich
conntrackd internal cache growing indefinitely in active-active setup,
Matt Mercer
integers byte order in netlink/NETLINK_NETFILTER messages,
Cristian Constantin
Re: list vmap counter errot, Pablo Neira Ayuso
base chains with same hook, same priority,
Cristian Constantin
wiki.nftables.org down?,
Matt Zagrabelny
Haproxy's "send-proxy-v2" doesn’t work when conntrack is disabled,
InterNetX - Marc Reymann
nft set type list, Fatih USTA
Error: conflicting intervals specified - Bullseye 0.9.8,
Daniel
conntrackd syncing specific ct zones,
Tobias Urdin
Upgrading from kernel 5.12.19 to 5.13.13 made "ct state invalid" match IPv6 link-local addresses in tunnels, Marcel Menzel
Cannot reference sets in later rules until next nft run,
martin f krafft
Fwd: IP daddr filtering not working for non-routable address,
Niko Kortström
Invalidate conntrack using iptables rule,
halfdog
How to disable network access for certain applications via nftables?, Sheran
[ANNOUNCE] nftables 1.0.0 release,
Pablo Neira Ayuso
conntrack: confirm existing but do not create new entries,
Eugene Crosser
NAT - how external source port is selected,
Daniel
AW: NAT - how external source port is selected, Thomas Bätzler
nft tool slow down due to large ipv4 addresses sets,
Cristian Constantin
[PATCH] conntrackd: cache: fix zone entry uniqueness in external cache,
Adam Casella
ulogd packet based logging with CT info,
Blažej Krajňák
nfnetlink_queue -- why linear lookup ?, alexandre.ferrieux
nftables - quota isn't working?,
pauloric
Why aren't INPUT and FORWARD chains available to a locally-generated packet?,
Harry S
Re: Why aren't INPUT and FORWARD chains available to a locally-generated packet?, Reindl Harald
[ANNOUNCE] ipset 7.15 released, Jozsef Kadlecsik
which example to use?, Stéphane Charette
[ANNOUNCE] ipset 7.14 released, Jozsef Kadlecsik
[nft] Regarding `tcp flags` (and a potential bug),
Tom Yan
[ANNOUNCE] ipset 7.13 released,
Jozsef Kadlecsik
Dropping UDP packets to port 53 containing known domain string?,
Tom
Feature request on ip[6]tables-restore-translate, Stephen Satchell
OK, IPv4 vs IPv6 is driving me crazy,
Stephen Satchell
nftables element not in set,
Stephen Satchell
Criticism welcome: nftables rp_filtering in and out, Stephen Satchell
OK, I give up., Stephen Satchell
Need two routers in tandem to implement BGP38?, Stephen Satchell
ip[6]tables implementation of rf_filter, Stephen Satchell
Handle a packet by netfilter after traversing a veth pair,
Eugene Crosser
Netfilter rules to replicate, consume ingress packet locally and forward clone packet,
rakesh goyal
Redirect all traffic or range of ports to an IP,
Daniel
Strange behavior of the ctdir option, CoD DoC
IP Addresses Changed to Hostnames in IPTables,
slow_speed
Re: IP Addresses Changed to Hostnames in IPTables, Reindl Harald
libnetfilter_queue: Access conntrack info,
Psyspy 22
Reload IPtables,
slow_speed
Problem when routing UDP port 53, Pierre Couderc
Legacy?,
slow_speed
Rules,
slow_speed
How to rewrite dest.IP of UDP packets, cloned by TEE target?, Thomas Conrath
Question regarding licensing terms and compliance, 洪湘晴
nftables CONFIG_NFT_OBJREF "ct helper set", Stefan Hartmann
#netfilter IRC channel now on libera.chat, Arturo Borrero Gonzalez
[ANNOUNCE] nftables 0.9.9 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.0 release, Pablo Neira Ayuso
libnetfilter_conntrack: ABI breakage error,
Psyspy 22
Possible to load balance (nftlb) mostly NFS traffic with important connections?,
Carsten Aulbert
Running an active/active firewall/router (xt_cluster?),
Oliver Freyermuth
Re: Running an active/active firewall/router (xt_cluster?), Pablo Neira Ayuso
Forcing SNAT to preserve the original source port, Carsten
wiki.nftables.org down,
Frank Myhr
Commas or Spaces?,
slow_speed
nf does not DNAT, but also does not not-NAT, Przemysław Kowalczyk
nftables equivalent for iptable rules.,
R C
Why is it impossible to DNAT 127.0.0.0/8?,
Quentin, Lars
Flowtable with ppp/bridge,
Frank Wunderlich
nftables auto-merge on combined sets,
Frömmel, Christian
conntrackd inverted NAT address, endianness issue?,
Tao Gong
nftables support for cgroup v2 filtering by path,
Yves Perrenoud
nftables port forward on DHCP interface to static IP,
Pekka Järvinen
Fail-closed option? (Make all policies "drop" by default for newly created namespaces),
mose
ebtables rules for specific bridge, Ian Pilcher
device list reversed,
Frank Wunderlich
List and reimport Ruleset fails with "Error: transport protocol mapping is only valid after transport protocol match",
Henning Reich
nftables "stateful object" nomenclature,
Frank Myhr
SNAT/Masquerade not modifying the Source IP randomly, Pavan Amancherla
nft show counter,
Frank Wunderlich
bridge-nf-call-iptables: checking bridge vs. IP context?,
Linus Lüssing
Creating named set,
paul.guijt
Script to manage a simple DynDNS whitelist based firewall using nftables, etkaar
hw flow offload - nft crosscompile,
Frank Wunderlich
Startup script for ssdp helper app, Budge
nfqueue ethernet packet frame capture,
ilker
How to troubleshoot (suspected) flowtable lockups/packet drops?,
Martin Gignac
How to concatenate subnet with port in a set?,
etkaar
wiki.nftables.org Certificate expired,
Philipp Rintz
Traffic drops when using flow offload for nftables based NAT,
tech
[HEADS UP] bugzilla.netfilter.org is under maintainance,
Pablo Neira Ayuso
IP MASQUERADE isn't working properly, Ameen Al-Azzawi
when will nftables have ability to delete matching rule like iptables?,
Amish
nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...,
Stefan Hartmann
nft_set_type, Frank Myhr
Matching l3mdev output interface in snat,
Daniele Orlandi
iptables masquerade source ip selection issue, Derrick Lim
'Did not kill' written out when redirecting 'nft list ruleset' in 0.9.8,
Martin Gignac
[ANNOUNCE] ipset 7.11 released, Jozsef Kadlecsik
libnetfilter_queue : Parsing payload,
Psyspy 22
libnetfilter_queue example, Psyspy 22
iptables-nft: masquerade choosing wrong source ip on lo, Etienne Champetier
Wildcards / large ranges in concatenations,
Frank Myhr
Initial loading of ruleset slower than subsequent tries, Martin Bochenek
traffic shaping with tc on Linux 5.4.x,
Lars Noodén
Incoming Connections with IPv6 NETMAP for Multiple ISPs Only Work for 1 ISP at a time., Adam Goldberg
Constraints on nft expressions and statements in inet ingress chains,
Frank Myhr
Unable to create a chain called "trace",
Martin Gignac
Where is the ICMP *type* information in nft 0.9.8 trace output?,
Martin Gignac
FTP behind NAT on a non-standard port,
mikhalich123
nftables typeof concatenation support for vmap?,
Frank Myhr
[ERROR] inject-add2: File exists / [ERROR] inject-upd2: Device or resource busy, Bernd Naumann
parser problem in range map?,
Andreas Schultz
libnetfilter_queue needs libnfnetlink?, Psyspy 22
Use case of nftables + Linux combination as network firewall,
Younwook Jang
[Index of Archives]
[Linux Netfilter Development]
[Advanced Routing & Traffice Control]
[Netem]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
[Linux Kernel Development]
