Linux Netfilter / IP Tables
- Re: [Help] Allow website using iptables, (continued)
- Using the fib to classify endpoints., Stephen Satchell
- Documentation Error on http://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching,
Bob and Sally Public
- idempotent nft delete table? (or: why does "flush table" delete rules but keep chains?),
Trent W. Buck
- cannot create a nat type base (pre/post routing) chain,
Norbert van Bolhuis
- Multicast routed packets do not get SNAT translation performed, Stephen Deiters
- Questions around the use of timestamps, Nikolaos Kakouros
- nftables and traffic control utility to QoS,
d.gubin
- conntrack traffic statistics and connlabel, Fatih USTA
- has somebody an idea what fills up the log (5050/udp)?,
Walter H.
- possible error in HOWTO, Fred Maranhão
- ARP confirmed timestamp update on TCP data flow vs keep-alive, Steffen Heil (Mailinglisten)
- [PATCH v1 1/1] Update download script for DBIP database, Philip Prindeville
- [PATCH v1 1/1] update MaxMind URL's, Philip Prindeville
- Is viewing a "candidate" ruleset in 'nft list ruleset' format possible?,
Martin Gignac
- query re dynamic set and limiting,
James Bond
- WARNING: at net/sched/sch_generic.c - Reproducible crash & rcu stalls, Christopher S. Aker
- marking/routing packets breaks the conntrack rule for NAT, Mickael Bosch
- Hello, I have some questions about flowtable., James Bond
- validate IPsec outgoing packets using NFtables,
Olivier Alabeatrix
- extending element timeout,
Alvaro Leiva
[ANNOUNCE] conntrack-tools 1.4.6, Pablo Neira Ayuso
[ANNOUNCE] libnetfilter_conntrack 1.0.8 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.6 release, Pablo Neira Ayuso
[ANNOUNCE] nftables 0.9.4 release,
Pablo Neira Ayuso
[ANNOUNCE] nftlb 0.6 release,
Laura Garcia
netem qdisc destroys traffic in other tc classes (HFSC classes), kaskada
batch update of conntrack?, kaskada
Re: What is the BEST GUI frontend to iptables firewall?,
ѽ҉ᶬḳ℠
Re: What is the BEST GUI frontend to iptables firewall?, Daniel
Re: What is the BEST GUI frontend to iptables firewall?, Eric Garver
[libnftnl] documentation?,
ѽ҉ᶬḳ℠
A question about priority in chains,
darius
Ipv6tov4 address Dnat,
Zheng konia
tc question about ingress bandwidth splitting,
Philip Prindeville
[nftables 0.9.2 | flow table] check whether it works?,
ѽ҉ᶬḳ℠
TCP and UDP dport in the same rule,
Darius
[nftables 0.9.2 | flow table] dynamic (soft) NETDEV,
ѽ҉ᶬḳ℠
nftables 0.9.3, sets with concatentation,
Stefan Hartmann
Interface group ID in flow tables?, Robert White
Boundary Flag for "site" (IPv6) [Kernel Change?], Robert White
[nftables 0.9.2] NETDEV packet drop vs. packet capture visibility,
ѽ҉ᶬḳ℠
Advantage(s) of static over dynamic nftables sets?,
Frank Myhr
[nftables 0.9.2 | kernel 4.19.93] flowtable throws error on deployment (not on check however),
ѽ҉ᶬḳ℠
[nftables 0.9.2 | kernel 4.19.93] flowtable - number of devices limited (7)?,
ѽ҉ᶬḳ℠
[nftables 0.9.2 | kernel 4.19.93] dropping ct state untracked stops ipv6 connectivity,
ѽ҉ᶬḳ℠
Re: use libiptc to build a rule to allow tftp traffic,
Moyuan Chen
Restoring rulesets containing dynamic sets with counters,
Frank Myhr
nftables equivalent of "ipset test"?,
Frank Myhr
nft ingress won't work on wireless ?,
sean darcy
Set timeout, gc-interval and size parameters, Frank Myhr
use numgen to create address in rule,
Dennett Ingram
Found extra tables in nft ruleset,
Lars Noodén
Why inet table doesn't support nat prerouting chain?,
Glen Huang
LXD Container can't access trough host address, Franz Schneider
Is it possible to get a transparent proxy with Redsocks when using the new nftables?,
Verachten Bruno
nftables offload doesn't seem to work,
Patrick McLean
Demystifying sets,
jon_netfilter
wiki acess, pauloric
loadbalance with 2 or more links,
pauloric
[ANNOUNCE] ipset 7.6 released, Jozsef Kadlecsik
Typo in the 'Mangle TCP options' wiki pages, Pieter van Leuven
Waiting until first release of NFTABLES,
Stephen Satchell
Automatically maintaining unique list of addresses,
Lars Noodén
NFQUEUE/iptables and kernel warning messages for net/ipv4/tcp_output.c,
Vieri Di Paola
Resetting SKB CT, Mathew Heard
Problems with CONNTRACK --restore-mark, Bernd Jerzyna
Difficulties with ulog / NFCT,
Alessandro Vesely
nfnetlink: This library is not meant as a public API for application developers.,
Alessandro Vesely
[nftables 0.9.2] does jump require a kconf to be set to get it working?,
ѽ҉ᶬḳ℠
iptables MASQUERADE considering route source hints, Max Stritzinger
Does anybody experience kernel crush when 'ebtable -t nat -L',
양유석
Compiling nftables with stack-protector-strong fails checksec's canary check,
Glen Huang
[nftables] economics of reverse path filtering - FIB expression vs. kernel parameter,
ѽ҉ᶬḳ℠
nftables "native interface" for IPv6 NPT?,
Haochen Tong
Netfilter state synchronisation in IPv6 only networks?, Nico Schottelius
[firewall context] packet presentation for dual WAN interfaces on the same link - eth <> pppoe?,
ѽ҉ᶬḳ℠
Metering is not working with dynamic sets on nft v0.9.2,
darius
[nftables] inherent benefits from XDP?, ѽ҉ᶬḳ℠
[nftables] xtables-addons - GeoIP/ASN filter and lscan replicable?,
ѽ҉ᶬḳ℠
[nftables v0.9.2 | kernel 4.19.93] does redirect accept daddr?,
ѽ҉ᶬḳ℠
Redirect bridged traffic,
Jaga Doe
[nftables v0.9.2 | kernel 4.19.93] logging protocols in inet family table require explicit protocol statement?,
ѽ҉ᶬḳ℠
[nftables v0.9.2] inet <> ip | ip6 family tables processing order?,
ѽ҉ᶬḳ℠
[nftables v0.9.2 | kernel 4.19.93] MSS clamping rule possible in the inet family table?,
ѽ҉ᶬḳ℠
nftables simple configuration, Jaga Doe
nftables routing decision,
Иванов Роман
[nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule,
ѽ҉ᶬḳ℠
Re: [nftables v0.9.2 | kernel 4.19.93] ICMPv6 ingress dropped despite accept rule, Duncan Roe
Is it possible to differentiate a nmap port scan from a syn flood attack?, Miriam Rico
Lint for nftables,
Stephen Satchell
BNF for nftables?,
Stephen Satchell
[nftables v0.9.2] hoplimit mutually exclusive with with saddr/daddr?,
ѽ҉ᶬḳ℠
nft -f fails to merge some chains in same table but defined in separate blocks,
Frank Myhr
[MAINTENANCE] migrating git.netfilter.org,
Pablo Neira Ayuso
nftables atomic updates,
Frank Myhr
Multiples Chain with same hook - Default-Behavior?, Thomas Luening
nft multiple port exception,
david@xxxxxxxxx
Bulk loading of IP addresses or subnets in nftables?,
Lars Noodén
manipulating the ttl,
Daniel Lakeland
nft icmp type all?,
Robert Sander
TCP 4 way handshake or TCP Split Handshake Attack,
Fatih USTA
Policy routing Docker host not forwarding return traffic if marked, Felipe Arturo Polanco
nftables: Allow NAT Access with Timeout,
Mike Dillinger
nftables equivalent for iptables -m recent,
Sig Pam
nftables static routing fails,
david NEW
[ANNOUNCE] ipset 7.5 released, Kadlecsik József
nft script file, using include with wildcards,
Alberto Spin
IPv6 parsing issues in conntrackd?, Nico Schottelius
nftables with secmark and ipsec, Christian Göttsche
Assertion error when using map,
Changli Gao
[nft 0.9.2] cannot get sets to work - Error: Could not process rule: Not supported,
ѽ҉ᶬḳ℠
RFC -- IPTABLES vs NFTABLES vs BPFILTER,
Stephen Satchell
Weird/High CPU usage caused by LOG target,
Tom Yan
geoip not working as expected, Felix
trying to duplicate udp packets destined for port 67 to port 6767 on same host,
Mike
xt_cluster for IPv6, Valentin Vidić
How to forward marked packets with same local IP?, Felipe Arturo Polanco
[PATCH] nftables: Bump dependency on libnftnl to 1.1.5, Jan-Philipp Litza
[ANNOUNCE] nftables 0.9.3 release,
Pablo Neira Ayuso
[ANNOUNCE] iptables 1.8.4 release, Phil Sutter
[ANNOUNCE] ebtables 2.0.11 release,
Pablo Neira Ayuso
[ANNOUNCE] arptables 0.0.5 release, Pablo Neira Ayuso
nftables: No prefixes in anonymous sets?,
Jan-Philipp Litza
WARNING: CPU: 9 PID: 0 at net/netfilter/nf_conntrack_core.c:977 __nf_conntrack_confirm+0x4e5/0x6f0 [nf_conntrack],
Harald Dunkel
Doubts about netfilter + nftables and module,
Elias Valea Peri
How to prevent SNAT rules from being applied to 'ICMP time exceeded' responses?, Gordon Fish
Mysql has problem with synproxy,
İbrahim Ercan
Netfilter hook doesn't see all packets,
Psyspy rambo
ipset bitmap:port question,
A L
Upgrading libnetfilter_queue to use nftables,
Alessandro Vesely
Trouble getting SYNPROXY to work.,
Pigi
ebtables dnat rule gets system frozen,
Tom Yan
Length module, docs "incorrect" or something else?, Andreas Sikkema
[ANNOUNCE] ipset 7.4 released, Kadlecsik József
Distinguish local from routed traffic, Robert Dahlem
IPv6 nft vs ip6tables - Local incompatibility ?,
Daniel Huhardeaux
Named sets with timeout,
Matt
Been having mail server issues so been unable to reply properly, Aaron Gray
understanding my MASQURADING and SNAT problem,
Aaron Gray
How to implement transparent proxy in bridge through nftables, Ttttabcd
Snapped nftables, Paweł Krawczyk
nftables v0.9.0 netlink: Error: set is not a map,
Daniel Huhardeaux
CFS for Netdev 0x14 open!, Jamal Hadi Salim
Status of BPFilter?, A L
Counting over a bridge, Cristian Morales Vega
flowtable breaks masquerade for dnat flows,
Jonathan Rudenberg
syn-flag-check from outside not working, Thomas Luening
nft - execute command without returning error,
Daniel Huhardeaux
nft and defined variables,
Daniel Huhardeaux
nft -- documentation on fib_addrtype missing, more data,
Stephen Satchell
nft -- documentation on fib_addrtype missing,
Stephen Satchell
nft tproxy without iproute2 rule,
Norman Rasmussen
TEE target and gateway as MAC address, Vieri Di Paola
Cannot add ip6 elements to a named set,
Matt
nft: auto-merge set doesn't merge overlapping intervals,
Richard Stanway
How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10,
Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, zrm
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Reindl Harald
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Neal P. Murphy
- Re: How can I block all traffic from an IP range, irrespective of origin, going to, or coming from, using nftables in Debian 10, Jags
iptables TEE target and system slowdown, Vieri Di Paola
NAT statements in nft command documentation are misleading, Ted Roo
[PATCH] ipset: Add wildcard support to net,iface,
Kristian Evensen
Intermix ip,ip6 saddr,
Anton Rieger
Regarding flowtables and conntrack, Otto Reinikainen
queue bypass not working?,
Charles Eidsness
nft set elements: Comment not available for elements?,
Bernd Naumann
How is nftables + IFB,
John Mok
sip helper work with tcp?, Brian J. Murrell
Can't run meters example - "Could not process rule: Operation not supported",
Oscar Muñoz Garrigós
Registration in bugtracker not working, Антон Блудов
Info on the "ct" selector,
Thomas
Determine cgroup ID for nftables,
Pavel Volkov
server behind a nftables NAT, Luke Whittlesey
Loading nft,
Matt
Clarification on dynamic nft sets, Damien Robert
ipt to nft,
Matt
nft ruleset help,
Thomas
nftables.service - nftables - Active: active (exited) | nftables exits immediately in Debian server,
Jags
Whither masquerading RANDOM_FULLY?,
Mike Spreitzer
Why MASQUERADE --to-ports ?,
toml@xxxxxxx
HA firewall providing "masquerade": SNAT the only way to go?,
Bernd Naumann
Packet Marks with UDP and portforwarding,
Philip Schaten
IPTV, Info
eBPF for firewalls?, Trent W. Buck
Lightweight ipset API?,
Ian Pilcher
Subject: Kernel crash; ipset comments overwritten - ipset v6.23.,
G.W. Haywood
[ANNOUNCE] nftables 0.9.2 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.4 release,
Pablo Neira Ayuso
Fail2ban integration,
Kim Lee
Filtering specific bytes from packet layer 7 payload,
flyingrhino
issue with conntrackd wrt handling dead connections,
Michael Schnyder
nftables Won't Restore with Timeout/Expire,
Mike Dillinger
meter in 0.9.1 (nft noob question),
Trent W. Buck
conntrack vs. ICMPv6 policy (RFC 4890), Trent W. Buck
[PATCH v1 1/1] Simplify unpacking start/end tuples from database,
Philip Prindeville
nftables: one rule to rule them all?,
Fran Fitzpatrick
connlimit unexplained behaviour with local connections,
Nik
"Byteorder mismatch" for "iifname {ppp*}"? (nft noob question),
Trent W. Buck
[ANNOUNCE] ipset 7.3 released, Jozsef Kadlecsik
one chain, two hooks (nft noob question),
Trent W. Buck
ct state vmap (nft noob question),
Trent W. Buck
iiftype loopback vs. iif lo (nft noob question),
Trent W. Buck
Backwards compatibility with iptables etc.,
Hans Malissa
Portknocking example wiki.nftables.org,
Matthias Maier
chain comments,
Trent W. Buck
nftables.service ".d" support,
Trent W. Buck
nft version 0.9.1 add rule with match all using kernel 4.14,
Charles Eidsness
nft create chain in version 0.9.1?, Charles Eidsness
[ANNOUNCE] New Netfilter core team member: Phil Sutter, Arturo Borrero Gonzalez
Nftables replacement for -j CT --notrack,
Tomas Mudrunka
Traffic shaping and accounting using nftables (ISP scenario), Tomas Mudrunka
NFT ratelimit with arbitrary timeframe, Tomas Mudrunka
100% CPU utilization when running iptables (nft interface) as non-root user,
Amish
NAT rules failing with kernel 5.2,
Amish
nftables controlling IPv6 and iptables controlling IPv4 (possible?),
Amish
3-way handshake sets conntrack timeout to max_retrans,
Jakub Jankowski
Connection timeouts due to INVALID state rule,
Will Storey