Linux Netfilter / IP Tables
[Prev Page][Next Page]
- RE: Matching streaming services, (continued)
- nftables with dinamic ip6,
Paulo Ricardo Bruck
- BUG: IPv4 conntrack reassembles forwarded packets, Christian Perle
- How to edit nftables wiki pages?,
Jay Tuckey
- [PATCH libnetfilter_conntrack] examples: check return value of nfct_nlmsg_build(), Eyal Birger
- Correction to nftables wiki,
Brian Pond
- [ANNOUNCE] ipset 7.10 released, Jozsef Kadlecsik
- First packet NAT flow,
Rafael Ganascim
- nftables Set Bug with interval & timeout Flags,
Mike Dillinger
- Flowtable in a load balancer, Eliezer Croitor
- Assistance to troubleshoot nf_nat bug, Mathew Heard
- NAT table seems to be skipped for TCP traffic,
Nicholas Amon
- [FYI] summary of Netfilter workshop 2020 virtual, Arturo Borrero Gonzalez
- FTFW with multicast not working properly,
Jean-Sébastien Frerot
- Re: How to Unblock IP Address of Email Client in Linux iptables Firewall in Linux Mail Server, G.W. Haywood
- nftables "meta priority set" not working,
Daniel Lakeland
- mistakes on wiki,
bbmt
- FYI - how to use libnftables in python,
Arturo Borrero Gonzalez
- [ANNOUNCE] ipset 7.8 released,
Jozsef Kadlecsik
[nftables] cross compiling for arm-linux-gnueabihf?,
ѽ҉ᶬḳ℠
[nftables] frame rate limiting per day/minute not working (bug ?),
ѽ҉ᶬḳ℠
[nftables] frame rate limiting clashing with log rate limiting (bug ?), ѽ҉ᶬḳ℠
Filtering and counting traffic based on the ethernet address, Jonathan Horn
vmap declaration style, Kyle Rose
connlimit allows more established conns than the limit set,
Hildegard Meier
Ethernet headers in pcap files generated by ulogd2, Ririsoft
How to update timeout of a map element?, Piotr Jurkiewicz
IP MASQUERADE isn't being applied on all outgoing packets., Ameen Al-Azzawi
Pure iptables solution for DNS/socks5/http forwarding/transparent proxy in docker environment., Hongyi Zhao
Use the socks5 proxy sever running in the host network from the docker container.,
Hongyi Zhao
[ANNOUNCE] iptables 1.8.6 release, Phil Sutter
nftable rule for VRRP traffic,
Wang, Lihua
Wiki inaccuracy regarding the 'redirect' statement,
dirdi
[ANNOUNCE] nftables 0.9.7 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.8 release, Pablo Neira Ayuso
[UPDATES] Renewing Netfilter coreteam PGP keys, Pablo Neira Ayuso
nftables iifname and currently unknown interfaces,
Robert Sander
cannot use != with ct status,
Ramsay, Lincoln
[nftables] Log to DNAT rule,
Alberto
Newbie: IPv6 equivalent of 192.168.178.0/24,
paul.guijt
ulogd2 Error while running, Amiq Nahas
[nftables] frame logging with vmap?, ѽ҉ᶬḳ℠
[nftables] granular rule for combined tcp & udp sports?,
ѽ҉ᶬḳ℠
Re: [nftables] granular rule for combined tcp & udp sports?, Pablo Neira Ayuso
stress testing 40Gbps linux bridge with Mpps - is HFSC a bottleneck?, kaskada
end iptables support,
Emilio Augusto Lazo Zaia
nftables cgroup accounting problem,
azurit
[nftables] multi-level rate limiting with dynamic set, ѽ҉ᶬḳ℠
Redirect traffic to openvpn (client),
Alberto
[nftables] icmp type rate limiting - cumulative for the daddr or selectively per saddr?,
ѽ҉ᶬḳ℠
NFTables: Can not add logs,
Andreas Hoefler
[nftables] packet (filtering) flow NIC vs. PPPoE?,
ѽ҉ᶬḳ℠
Compiling nft-0.9.6,
Rob Sterenborg (Lists)
rate limit SIP INVITES,
sean darcy
[nftables] sets update concatenation?,
ѽ҉ᶬḳ℠
[nftables] log flood protection?,
ѽ҉ᶬḳ℠
Surprising CONNMARK behaviors,
Glen Huang
Rule Count limit,
Jevin Gala
nftables: Define variable with IPv6 suffix match in nft script, Fred F
[nftables] possible to utilise sets across different tables?,
ѽ҉ᶬḳ℠
[nftables] netdev rate limiting | timeouts rfq,
ѽ҉ᶬḳ℠
Howto 2 ipv6 nets, one through ipv4 tun vpn,
Daniel
HELP rules nftables conntrack works,
Luis Mario Niedas Hernández
nft snat with maps for port ranges?,
Jacek Kowalski
No interval possible on Concatenation-Sets,
Siebzehn
Error adding a DNAT rule,
vikaig
Is the concept of BROUTING deprecated and what is the modern alternative?, Pyry Kontio
Filter based on string (or other content),
K. de Jong
nftable - set in diffrent file, Siebzehn
nftable with sets in diffrent files, Siebzehn
synproxy with NAT, Devin Bayer
meter directive,
Devin Bayer
<Possible follow-ups>
Re: meter directive, Eric Peterson
Failing to construct a 'set' for TCP Flag filtering.,
Chris Hall
Nftables rules change when network interfaces disappear,
Mikhail Morfikov
netfilter_queue tutorial,
Tomasz W
inserting rule at the top of the chain using libnftnl, JM
integrating netfilter_queue, Tomasz W
nftables destination ip rewrite - checksum recalculation,
Greenberg, Paul
Nftables src NAT with port range allocation,
Joshua Moore
nftables map with numgen type, not sure if it was implemented?,
Eliezer Croitor
How deactivate a rule using nft cli?,
Luis Mario Niedas Hernández
Multiple labels with connlabel,
Amiq Nahas
Load Balancing WAN connections with nftables, Eliezer Croitor
Explanation of 2 Rules,
Thomas Luening
Use ipset and conntrack with nftables,
Amiq Nahas
Issue migrating "iptables -m socket --transparent" into nftables,
Nirgal Vourgère
Grammar in a bash script,
Mario V Guenzi
error using variable for network device name in 'hook ingress device $external_interface',
Grant C
50k rules and performance issue in nft list table AND iptables-nft,
Ricardo Katz
Nftables 2 WAN,
Daniel
Is it possible to change a chains default policy when rules are already present?,
Andreas Hoefler
ingress hook on interface with multiple addresses ?,
sean darcy
Correct syntax for dnat in inet table?,
Frank-Ulrich Sommer
nft arp, Dennis G
iptables: Log dropped packages due to missing ports when using masquerading,
Janosch Maier
usings sets as input to sets,
harald
iptables by cgroup path no longer works after starting Docker or KVM, Outvi V
No packets appear in ulogd.log, Austin Chamberlin
not able to set ct state rule,
Andreas Hoefler
Raw table on NFT, Cristian Cardoso
sets must have more than 2 elements , and can't "include" a set, sean darcy
Plan B on BCP-38 implementation in NFTABLES, Stephen Satchell
nftables: masquerading not applied consistently,
Thilo-Alexander Ginkel
nftables: Set Elements Listing: One Per Line, Mike Dillinger
nftables: Counters Not Working with Sets of Type Interval,
Mike Dillinger
iptables-nft and unsused default chains, Reindl Harald
IP masquerading not applied in TCP retransmission packets,
Aleksander Morgado
iptables-nft replacement for /proc/net/ip_tables_names,
Reindl Harald
libnftnl vlan type filter,
Andreas Hoefler
Moving from ipset to nftables: Sets not ready for prime time yet?,
Timo Sigurdsson
Filter source IP with UDP/514 destination port and change to UDP/9000,
Roberto Carna
iptables hashlimit scrip and srcport, jamez
callback on adding tables from mnl_cb_run for nftables,
Andreas Hoefler
[nft | wiki] List of updates since Linux kernel 3.13,
ѽ҉ᶬḳ℠
[nft 0.9.3 | kernel 5.4.48] cannot get NAT to work,
ѽ҉ᶬḳ℠
"Operation not supported" when using ct mark, Adam Degenhardt
Address List, Mario Vittorio Guenzi
nftables and connection tracking,
Marek Greško
Re: nftables and connection tracking, Pablo Neira Ayuso
ipsec matching in postrouting nat,
Marek Greško
WiFi Hotspot Disable Neighbor discovery,Ask,
Hooman
[ANNOUNCE] nftables 0.9.6 release, Pablo Neira Ayuso
loadbalance 2 internet links, paulo bruck
nftables drops related traffic,
Robin Kuiper
[ANNOUNCE] libnetfilter_queue 1.0.5 release, Florian Westphal
Looking to contribute to the nftables wiki, Gaelan Lloyd
Documentation.,
G.W. Haywood
[ANNOUNCE] nftables 0.9.5 release, Pablo Neira Ayuso
"Carrier Grade" NAT44 setup,
Maximilian Wilhelm
[ANNOUNCE] libnftnl 1.1.7 release, Pablo Neira Ayuso
[ANNOUNCE] libnetfilter_queue 1.0.4 release, Florian Westphal
Simplifying DNAT Rules using Maps,
Max Ehrlich
[ANNOUNCE] iptables 1.8.5 release, Phil Sutter
[MAINTENANCE] Shutting down FTP services at netfilter.org,
Pablo Neira Ayuso
Expressive limitation: (daddr,dport) <--> (daddr',dport'), Rick van Rein
Value too large for defined data type, ad^2
Let me make sure I have this right (fib),
Stephen Satchell
nft filter cgroup, Christian Schneider
Raw Expression for DNS name?,
ad^2
iif versus meta fib iif,
Stephen Satchell
WTF, over,
Stephen Satchell
Is this a correct usage of the FIB facility of NFTABLES? (BCP-38), Stephen Satchell
FIB filtering (comments, please) (reformatted), Stephen Satchell
FIB filtering (comments, please), Stephen Satchell
Timestamps, NFLOG, and ULOG,
Korodev
Fwd: Raw Expression matching DNS Query?, ad^2
nftables: defining variables containing ipv6 adresses,
Thomas Weberstaedt
saddr, daddr type determination, Stephen Satchell
Systemd, nftables, and iptables,
Stephen Satchell
- Re: Systemd, nftables, and iptables,
- Re: Systemd, nftables, and iptables, Reindl Harald
- Re: Systemd, nftables, and iptables, Alexander Dahl
- Re: Systemd, nftables, and iptables, Trent W. Buck
Netdev conf 0x14 update, Jamal Hadi Salim
Dynamic list for net's,
Іван Щербей
POSTROUTING doesn't apply on all outgoing packets, Walter Laub
-m statistic does not work with 5.6.8, Reindl Harald
nftables NAT & Gaming Consoles,
Mike Dillinger
nftables: Strange Error When Adding Element to Named Set,
Mike Dillinger
Correct usage of nf_ct_get,
b38911 Zxc
Firewall sometimes leaking,
Nick
[Help] Allow website using iptables,
Sơn Đỗ
Using the fib to classify endpoints., Stephen Satchell
Documentation Error on http://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching,
Bob and Sally Public
idempotent nft delete table? (or: why does "flush table" delete rules but keep chains?),
Trent W. Buck
cannot create a nat type base (pre/post routing) chain,
Norbert van Bolhuis
Multicast routed packets do not get SNAT translation performed, Stephen Deiters
Questions around the use of timestamps, Nikolaos Kakouros
nftables and traffic control utility to QoS,
d.gubin
conntrack traffic statistics and connlabel, Fatih USTA
has somebody an idea what fills up the log (5050/udp)?,
Walter H.
possible error in HOWTO, Fred Maranhão
ARP confirmed timestamp update on TCP data flow vs keep-alive, Steffen Heil (Mailinglisten)
[PATCH v1 1/1] Update download script for DBIP database, Philip Prindeville
[PATCH v1 1/1] update MaxMind URL's, Philip Prindeville
Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?,
Martin Gignac
query re dynamic set and limiting,
James Bond
WARNING: at net/sched/sch_generic.c - Reproducible crash & rcu stalls, Christopher S. Aker
marking/routing packets breaks the conntrack rule for NAT, Mickael Bosch
Hello, I have some questions about flowtable., James Bond
validate IPsec outgoing packets using NFtables,
Olivier Alabeatrix
extending element timeout,
Alvaro Leiva
[ANNOUNCE] conntrack-tools 1.4.6, Pablo Neira Ayuso
[ANNOUNCE] libnetfilter_conntrack 1.0.8 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.6 release, Pablo Neira Ayuso
[ANNOUNCE] nftables 0.9.4 release,
Pablo Neira Ayuso
[ANNOUNCE] nftlb 0.6 release,
Laura Garcia
netem qdisc destroys traffic in other tc classes (HFSC classes), kaskada
batch update of conntrack?, kaskada
Re: What is the BEST GUI frontend to iptables firewall?,
ѽ҉ᶬḳ℠
Re: What is the BEST GUI frontend to iptables firewall?, Daniel
Re: What is the BEST GUI frontend to iptables firewall?, Eric Garver
[libnftnl] documentation?,
ѽ҉ᶬḳ℠
A question about priority in chains,
darius
Ipv6tov4 address Dnat,
Zheng konia
tc question about ingress bandwidth splitting,
Philip Prindeville
[nftables 0.9.2 | flow table] check whether it works?,
ѽ҉ᶬḳ℠
TCP and UDP dport in the same rule,
Darius
[nftables 0.9.2 | flow table] dynamic (soft) NETDEV,
ѽ҉ᶬḳ℠
nftables 0.9.3, sets with concatentation,
Stefan Hartmann
Interface group ID in flow tables?, Robert White
Boundary Flag for "site" (IPv6) [Kernel Change?], Robert White
[nftables 0.9.2] NETDEV packet drop vs. packet capture visibility,
ѽ҉ᶬḳ℠
Advantage(s) of static over dynamic nftables sets?,
Frank Myhr
[nftables 0.9.2 | kernel 4.19.93] flowtable throws error on deployment (not on check however),
ѽ҉ᶬḳ℠
[nftables 0.9.2 | kernel 4.19.93] flowtable - number of devices limited (7)?,
ѽ҉ᶬḳ℠
[nftables 0.9.2 | kernel 4.19.93] dropping ct state untracked stops ipv6 connectivity,
ѽ҉ᶬḳ℠
Re: use libiptc to build a rule to allow tftp traffic,
Moyuan Chen
Restoring rulesets containing dynamic sets with counters,
Frank Myhr
[Index of Archives]
[Linux Netfilter Development]
[Advanced Routing & Traffice Control]
[Netem]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
[Linux Kernel Development]