Linux Netfilter / IP Tables
[Prev Page][Next Page]
Found extra tables in nft ruleset,
Lars Noodén
Why inet table doesn't support nat prerouting chain?,
Glen Huang
LXD Container can't access trough host address, Franz Schneider
Is it possible to get a transparent proxy with Redsocks when using the new nftables?,
Verachten Bruno
nftables offload doesn't seem to work,
Patrick McLean
Demystifying sets,
jon_netfilter
wiki acess, pauloric
loadbalance with 2 or more links,
pauloric
[ANNOUNCE] ipset 7.6 released, Jozsef Kadlecsik
Typo in the 'Mangle TCP options' wiki pages, Pieter van Leuven
Waiting until first release of NFTABLES,
Stephen Satchell
Automatically maintaining unique list of addresses,
Lars Noodén
NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c,
Vieri Di Paola
Resetting SKB CT, Mathew Heard
Problems with CONNTRACK --restore-mark, Bernd Jerzyna
Difficulties with ulog / NFCT,
Alessandro Vesely
nfnetlink: This library is not meant as a public API for application developers.,
Alessandro Vesely
[nftables 0.9.2] does jump require a kconf to be set to get it working?,
ѽ҉ᶬḳ℠
iptables MASQUERADE considering route source hints, Max Stritzinger
Does anybody experience kernel crush when 'ebtable -t nat -L',
양유석
Compiling nftables with stack-protector-strong fails checksec's canary check,
Glen Huang
[nftables] economics of reverse path filtering - FIB expression vs. kernel parameter,
ѽ҉ᶬḳ℠
nftables "native interface" for IPv6 NPT?,
Haochen Tong
Netfilter state synchronisation in IPv6 only networks?, Nico Schottelius
[firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?,
ѽ҉ᶬḳ℠
Metering is not working with dynamic sets on nft v0.9.2,
darius
[nftables] inherent benefits from XDP?, ѽ҉ᶬḳ℠
[nftables] xtables-addons - GeoIP/ASN filter and lscan replicable?,
ѽ҉ᶬḳ℠
[nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?,
ѽ҉ᶬḳ℠
Redirect bridged traffic,
Jaga Doe
[nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?,
ѽ҉ᶬḳ℠
[nftables v0.9.2] inet <> ip | ip6 family tables processing order?,
ѽ҉ᶬḳ℠
[nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?,
ѽ҉ᶬḳ℠
nftables simple configuration, Jaga Doe
nftables routing decision,
Иванов Роман
[nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule,
ѽ҉ᶬḳ℠
Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule, Duncan Roe
Is it possible to differentiate a nmap port scan from a syn flood attack?, Miriam Rico
Lint for nftables,
Stephen Satchell
BNF for nftables?,
Stephen Satchell
[nftables v0.9.2] hoplimit mutually exclusive with with saddr/daddr?,
ѽ҉ᶬḳ℠
nft -f fails to merge some chains in same table but defined in separate blocks,
Frank Myhr
[MAINTENANCE] migrating git.netfilter.org,
Pablo Neira Ayuso
nftables atomic updates,
Frank Myhr
Multiples Chain with same hook - Default-Behavior?, Thomas Luening
nft multiple port exception,
david@xxxxxxxxx
Bulk loading of IP addresses or subnets in nftables?,
Lars Noodén
manipulating the ttl,
Daniel Lakeland
nft icmp type all?,
Robert Sander
TCP 4 way handshake or TCP Split Handshake Attack,
Fatih USTA
Policy routing Docker host not forwarding return traffic if marked, Felipe Arturo Polanco
nftables: Allow NAT Access with Timeout,
Mike Dillinger
nftables equivalent for iptables -m recent,
Sig Pam
nftables static routing fails,
david NEW
[ANNOUNCE] ipset 7.5 released, Kadlecsik József
nft script file, using include with wildcards,
Alberto Spin
IPv6 parsing issues in conntrackd?, Nico Schottelius
nftables with secmark and ipsec, Christian Göttsche
Assertion error when using map,
Changli Gao
[nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported,
ѽ҉ᶬḳ℠
RFC -- IPTABLES vs NFTABLES vs BPFILTER,
Stephen Satchell
Weird/High CPU usage caused by LOG target,
Tom Yan
geoip not working as expected, Felix
trying to duplicate udp packets destined for port 67 to port 6767 on same host,
Mike
xt_cluster for IPv6, Valentin Vidić
How to forward marked packets with same local IP?, Felipe Arturo Polanco
[PATCH] nftables: Bump dependency on libnftnl to 1.1.5, Jan-Philipp Litza
[ANNOUNCE] nftables 0.9.3 release,
Pablo Neira Ayuso
[ANNOUNCE] iptables 1.8.4 release, Phil Sutter
[ANNOUNCE] ebtables 2.0.11 release,
Pablo Neira Ayuso
[ANNOUNCE] arptables 0.0.5 release, Pablo Neira Ayuso
nftables: No prefixes in anonymous sets?,
Jan-Philipp Litza
WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack],
Harald Dunkel
Doubts about netfilter + nftables and module,
Elias Valea Peri
How to prevent SNAT rules from being applied to 'ICMP time exceeded' responses?, Gordon Fish
Mysql has problem with synproxy,
İbrahim Ercan
Netfilter hook doesn't see all packets,
Psyspy rambo
ipset bitmap:port question,
A L
Upgrading libnetfilter_queue to use nftables,
Alessandro Vesely
Trouble getting SYNPROXY to work.,
Pigi
ebtables dnat rule gets system frozen,
Tom Yan
Length module, docs "incorrect" or something else?, Andreas Sikkema
[ANNOUNCE] ipset 7.4 released, Kadlecsik József
Distinguish local from routed traffic, Robert Dahlem
IPv6 nft vs ip6tables - Local incompatibility ?,
Daniel Huhardeaux
Named sets with timeout,
Matt
Been having mail server issues so been unable to reply properly, Aaron Gray
understanding my MASQURADING and SNAT problem,
Aaron Gray
How to implement transparent proxy in bridge through nftables, Ttttabcd
Snapped nftables, Paweł Krawczyk
nftables v0.9.0 netlink: Error: set is not a map,
Daniel Huhardeaux
CFS for Netdev 0x14 open!, Jamal Hadi Salim
Status of BPFilter?, A L
Counting over a bridge, Cristian Morales Vega
flowtable breaks masquerade for dnat flows,
Jonathan Rudenberg
syn-flag-check from outside not working, Thomas Luening
nft - execute command without returning error,
Daniel Huhardeaux
nft and defined variables,
Daniel Huhardeaux
nft -- documentation on fib_addrtype missing, more data,
Stephen Satchell
nft -- documentation on fib_addrtype missing,
Stephen Satchell
nft tproxy without iproute2 rule,
Norman Rasmussen
TEE target and gateway as MAC address, Vieri Di Paola
Cannot add ip6 elements to a named set,
Matt
nft: auto-merge set doesn't merge overlapping intervals,
Richard Stanway
How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10,
Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, zrm
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Neal P. Murphy
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
iptables TEE target and system slowdown, Vieri Di Paola
NAT statements in nft command documentation are misleading, Ted Roo
[PATCH] ipset: Add wildcard support to net,iface,
Kristian Evensen
Intermix ip,ip6 saddr,
Anton Rieger
Regarding flowtables and conntrack, Otto Reinikainen
queue bypass not working?,
Charles Eidsness
nft set elements: Comment not available for elements?,
Bernd Naumann
How is nftables + IFB,
John Mok
sip helper work with tcp?, Brian J. Murrell
Can't run meters example - "Could not process rule: Operation not supported",
Oscar Muñoz Garrigós
Registration in bugtracker not working, Антон Блудов
Info on the "ct" selector,
Thomas
Determine cgroup ID for nftables,
Pavel Volkov
server behind a nftables NAT, Luke Whittlesey
Loading nft,
Matt
Clarification on dynamic nft sets, Damien Robert
ipt to nft,
Matt
nft ruleset help,
Thomas
nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server,
Jags
Whither masquerading RANDOM_FULLY?,
Mike Spreitzer
Why MASQUERADE --to-ports ?,
toml@xxxxxxx
HA firewall providing "masquerade": SNAT the only way to go?,
Bernd Naumann
Packet Marks with UDP and portforwarding,
Philip Schaten
IPTV, Info
eBPF for firewalls?, Trent W. Buck
Lightweight ipset API?,
Ian Pilcher
Subject: Kernel crash; ipset comments overwritten - ipset v6.23.,
G.W. Haywood
[ANNOUNCE] nftables 0.9.2 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.4 release,
Pablo Neira Ayuso
Fail2ban integration,
Kim Lee
Filtering specific bytes from packet layer 7 payload,
flyingrhino
issue with conntrackd wrt handling dead connections,
Michael Schnyder
nftables Won't Restore with Timeout/Expire,
Mike Dillinger
meter in 0.9.1 (nft noob question),
Trent W. Buck
conntrack vs. ICMPv6 policy (RFC 4890), Trent W. Buck
[PATCH v1 1/1] Simplify unpacking start/end tuples from database,
Philip Prindeville
nftables: one rule to rule them all?,
Fran Fitzpatrick
connlimit unexplained behaviour with local connections,
Nik
"Byteorder mismatch" for "iifname {ppp*}"? (nft noob question),
Trent W. Buck
[ANNOUNCE] ipset 7.3 released, Jozsef Kadlecsik
one chain, two hooks (nft noob question),
Trent W. Buck
ct state vmap (nft noob question),
Trent W. Buck
iiftype loopback vs. iif lo (nft noob question),
Trent W. Buck
Backwards compatibility with iptables etc.,
Hans Malissa
Portknocking example wiki.nftables.org,
Matthias Maier
chain comments,
Trent W. Buck
nftables.service ".d" support,
Trent W. Buck
nft version 0.9.1 add rule with match all using kernel 4.14,
Charles Eidsness
nft create chain in version 0.9.1?, Charles Eidsness
[ANNOUNCE] New Netfilter core team member: Phil Sutter, Arturo Borrero Gonzalez
Nftables replacement for -j CT --notrack,
Tomas Mudrunka
Traffic shaping and accounting using nftables (ISP scenario), Tomas Mudrunka
NFT ratelimit with arbitrary timeframe, Tomas Mudrunka
100% CPU utilization when running iptables (nft interface) as non-root user,
Amish
NAT rules failing with kernel 5.2,
Amish
nftables controlling IPv6 and iptables controlling IPv4 (possible?),
Amish
3-way handshake sets conntrack timeout to max_retrans,
Jakub Jankowski
Connection timeouts due to INVALID state rule,
Will Storey
Migrating from iptables to nft, James Courtier-Dutton
[nft 0.9.0] MSS clamping producing Error: Could not process rule: No such file or directory,
ѽ҉ᶬḳ℠
Conntrack cannot delete connections,
Benny Lyne Amorsen
when nfqnl_test utility ( libnetfilter_queue project ) drops a packet the utility receives this packet again (in the loop), Valeri Sytnik
Question about nf_conntrack_proto for IPsec,
Naruto Nguyen
Two suggestions for the nftables wiki, Elizondo Camacho
[ANNOUNCE] nftables 0.9.1 release, Pablo Neira Ayuso
nft ct original oddity,
Simon Kirby
Is this possible SYN Proxy bug?,
İbrahim Ercan
[ANNOUNCE] ipset 7.2 released, Jozsef Kadlecsik
How long TCP state change from SYN_RECV to ESTABLISHED should take?,
iam@xxxxxxxxxxx
How to use concatenation ipv4_addr . inet_proto . inet_service,
Vladimir Khailenko
How to restore CONNMARKs in raw table?,
Felipe Arturo Polanco
Re: How to restore CONNMARKs in raw table?, Fatih USTA
iptables on kernel 5.1.x,
Nicolas Bock
Announcing Netdev 0x14, Jamal Hadi Salim
[ANNOUNCE] iptables 1.8.3 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.3 release, Pablo Neira Ayuso
Using Map/Set from different table,
Zheng konia
Content problem in Simple rule management - nftables wiki, 林博仁
ESTABLISHED and ACK PSH,
Roman Serbski
replace iptables to nftables, Thiago Anderson
nat INPUT chain not used for local-to-local packets,
zrm
Message not available
Re: nat INPUT chain not used for local-to-local packets, Reindl Harald
How to debug iptables/conntrack?,
Dexuan Cui
conntrackd.conf: multiple IP addresses in the IPv4_Destination_Address field, Sergey Nikitin
Using SYN Proxy to protect servers that have different wscale,
İbrahim Ercan
"nft - f <file>" errors unless "nft flush ruleset" called first, H Craig
Chain outbound,
Paul Fontenot
<Possible follow-ups>
Chain outbound, Paul Fontenot
NFTables and Openvpn killswitch, Paul Fontenot
ip6 nat nftables trouble, Frank Carmickle
loose/strict source route option filtering,
Stephen Suryaputra
Fwd: filter packet ip|fqdn http destination,
Gianluca Gargiulo
conntrack-tools: conntrackd returns "[ERROR] unknown layer 3 protocol", Daniel Thiele
Writing a userland IP network crypto using netfilter mangling,
Kees-Jan Hermans
ESTABLISHED tcp conntrack timeout, Naruto Nguyen
iptables: undefined symbol: xtables_find_target_revision,
nhhabsburglothringen
What should happen when the size of a nftables set is reached?,
Mikhail Morfikov
Limiting connections with nft,
Mikhail Morfikov
Banning IP addresses with extended timeout,
Mikhail Morfikov
nft delete rule, murugesh pitchaiah
Unable to build nftables,
Mikhail Morfikov
[Index of Archives]
[Linux Netfilter Development]
[Advanced Routing & Traffice Control]
[Netem]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
[Linux Kernel Development]
