Linux Netfilter / IP Tables
[Prev Page][Next Page]
ICMP Raw Payload Expressions, Sunny73Cr
Cannot browse SQL files in ulog2 git,
Slavko
Static bidirectional static NAT for duplicate IP devices using iptables,
Alon Bar-Lev
NAT and ICMP,
Chris Hall
named counters vs flush ruleset,
Victor Julien
Documentation regarding priorities possibly wrong - clarification / update appreciated,
Binarus
Netfilter not dropping packets as it should,
Binarus
Generic map, also with L4 protocol, Marc SCHAEFER
SNAT vs ip rule, Marc SCHAEFER
nftables DNAT routes to wrong iface,
Marc SCHAEFER
DROP rule is ignored for multicast traffic, but only via Wireguard,
Adam Nielsen
Raw Payload Expressions - out of bounds write?,
Sunny73Cr
nft includepath directory - directory on a separate partition / disk, Sunny73Cr
[ANNOUNCE] nftlb 1.1.0 release, Laura García Liébana
IPv6 source address randomization?, lukaro
Delay replying to SYN (or requires two SYN to react), Marc SCHAEFER
list sets,
Slavko
aggressive firewalling via nftables,
potatojuggler
General questions about priorities - Clarification appreciated,
Binarus
Clarification of the procedure for filtering IP option fields,
Alexey Kashavkin
flowtable ipv4-via-ipv6 routing, Aksel Nyman
expires larger than timeout causes error,
lilydjwg
nftables portmap map,
Antonio Ojea
nft table flags documentation,
Jan Kasprzak
[ANNOUNCE] ipset 7.23 released, Jozsef Kadlecsik
conntrack-tools conntrack cli json output option?,
eldon-nfv
Regression 1.0.9..1.1.1 in glob inclusion behaviour,
caskd
an idea about flow tables, ye4 yu3
[DNAT] Port forwarding with Port range,
Mokhtar BEN MESSAOUD
logging to a different place than kernel ring buffer,
Marco Moock
set with limit,
Slavko
rule insertion,
Thomas Köller
Dropping of the end of a chain,
Thomas Köller
Adding set elements,
Thomas Köller
iptables SYNPROXY small packet size transmission performance issue, Vincent Li
connection tracking state in rules,
Thomas Köller
ipset vs. nftables set,
Thomas Koeller
[ANNOUNCE] iptables 1.8.11 release, Phil Sutter
Countering some types of SSH spoofing with NFTables,
Lars Noodén
connection tracking and kernel dropping packets,
Matt Zagrabelny
IPtables rate limiting question,
Francisco Agostinho
Unusual packet forwarding task,
Rob Roschewsk
location of conntrack rules,
Matt Zagrabelny
filesystem access to add/remove/view ip addresses,
Telbat Diordna
Most optimal method to dump UDP conntrack entries,
Antonio Ojea
[UPDATE] Renewing Netfilter coreteam PGP keys, Pablo Neira Ayuso
VPN nftables,
Martin Brampton
issues when trying to inspect payload > 250 bytes,
Graham Bartlett
Problem with ipv6,
Martin Brampton
Unsuccessful adding policy to a regular chain,
Robin Bussell
[ANNOUNCE] nftables 1.1.1 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.8 release, Pablo Neira Ayuso
How to count bytes?, Ronan Pigott
[no subject], Unknown
[no subject], Unknown
Clarification on the functioning of "ct count",
Avinash Dige
Allowing closed connections time to drain before logging packets,
Brian J. Murrell
[ANNOUNCE] libnetfilter_conntrack 1.1.0 release, Pablo Neira Ayuso
Nomnclature - Roman,
Thomas Sadłowskí
Re_School Contacts List 2024, Lily Green
Issue Setting meta broute,
Dustin Lieu
Wiki entry on Element timeouts in NFtables,
Lars Noodén
nftables are non-deterministic,
Artem S. Tashkinov
Raw payload expressions are mangled,
Sunny73Cr
Stateless NAT ICMP Payload Mismatch,
Echo Nar
Understanding output from "nft list",
Brian Sammon
nftables' ulogd2 group "#" usage -- variable substitution possible?, pgnd
[ANNOUNCE] Security evaluation by ANSSI of nftables, Pablo Neira Ayuso
Output port redirect going to loopback?,
Atkins, Brian
correct nft v1.1.0 usage for flowtable h/w offload? `flags offload` &/or `devices=`, pgnd
Hardware Offloading Mellanox, Ritterhoff, Florian
Can't set meta priority for some packets in netdev family!, Kevin Vigouroux
libnftables way of deleting a rule,
Arne Zachlod
How to set packet priority in the netdev table?, Kevin Vigouroux
How do you set packet priority in the netdev table?, Kevin Vigouroux
[no subject],
Tom Isaacson
Sets update,
Slavko
syntax issues when reducing rules through grouping ?,
pgnd
[ANNOUNCE] nftables 1.1.0 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.7 release, Phil Sutter
Re: Regarding ulogd_output_SYSLOG.so, Harald Welte
Transparent SNAT bridge with physdev module, Matt Ayre
Understanding and debugging conntrack source code,
Kevin Johnson
Does Nftables nft_fib check fib only in the main routing table?, Stanislav Tretyakov
nftables rule optimization - evaluating efficiency,
William N.
conntrackd: Trouble using multiple Accept addresses in kernel filter,
Yoann Congal
subscribe, netfilter
bidge not working. Missing rules?, Paulo Ricardo Bruck
How to have a counter for vmap verdicts?,
William N.
Writing own match module for modern ebtables.,
Pawel Kraszewski
Problem with migration from iptables+ipset to nftables,
Aleksey Nikapli
[ANNOUNCE] ipset 7.22 released, Jozsef Kadlecsik
nftables rule where IPv6 source and destination addr are the same?,
William N.
Cant get "tcp dport 22 @ih,0,32 0x5353482d" to work/match,
Pascal Ernster
Problems understanding nftables part 2,
Wolfgang
ebtables rule rewriten to nft 'set host' does not work,
netfilter
Problems understanding nftables, Wolfgang
[wiki] typo in Nftables families, 谢致邦 (XIE Zhibang)
Using NAT engine information to apply fwmark to packet, Tobias Jakobi (Compleo)
connection refused from DNATted host,
Giovanni Biscuolo
nft not logging some layer 2 frames?,
Teodor Milkov
Clash Resolve Counter Increasing,
Tim Harman
Nftables rules for kernel threads (cifsd), Mikhail Morfikov
Kernel panic in nf_nat_setup_info, with re injected packet from libnfml,
shibu samuel
Sets nesting/reference? Complex concatenations in vmaps?,
William N.
Retrieve L2 header or MAR from packet, La Rus
IPv4 NAT and lo, and iptables,
imnozi
HW Offloading Mellanox ConnectX-6DX, Ritterhoff, Florian
How to have a dynamic ingress device(s) list?,
William N.
NFT: Drop to Docker bridge,
Alberto
[Thread split] nftables rule optimization - dropping invalid in ingress?,
William N.
Rewrite arp response with nft,
G H
How to measure/profile ruleset performance?,
William N.
DoS/DDoS protection for end nodes,
William N.
Combining/compacting 2 rules into 1,
William N.
NFQUEUE usage and interaction with later chain rules,
Athanasius
Using iptables and ipset to DROP a list of 2 million addresses,
Mason Kaufer
connlimit from wiki.nftables.org not working,
William N.
Correct way of setting the TCP max segment sizes for IPv4 and IPv6?,
William N.
Docker NFT rules conflict, Alberto
nftables: How to match ICMPv6 subtype in a rule?,
William N.
Rocky Linux 9 with firewalld and nftables always tracks connections,
Blaine Elzey
Mask as part of element in set,
Vlad Tsisyk
IP not banned in interval set,
List Support
Cannot get the correct IP version from packet,
Alessandro Vesely
SNI filtering,
Tim Lewis
nftables rate limiting per multiple seconds,
Sreedhar M
nft socket module,
Sreedhar M
snat with dynamic ip address,
Lars Noodén
Fwd: Defined parameters, Beewoolie
Fwd: Knocking example may not work?, Marc Singer
Ulogd2 Mysql KO, Yves Metivier
Question: How to pass Docker container traffic through iptables tproxy?, Morteza Behboodian
Nftables conntrack state matching JSON syntax, Mikołaj Pisula
nftables HOWto Wiki Question, David Hayward
nftables and RFC 7084 section-4.3 L-14, Martin Tonusoo
[ANNOUNCE] ipset 7.21 released, Jozsef Kadlecsik
Are there nft set limits?,
Xavier B.
What happens if the machine runs out of memory while adding new nftables sets atomically?,
Anton
[ANNOUNCE] ipset 7.20 released, Jozsef Kadlecsik
Is there an efficient way to delete multiple elements from a set?,
Anton
Analyzing firewall rules programmatically,
Timo Lindfors
Combine ipv4 and ipv6 in a set,
Daniel
Debugging libmnl client,
Alessandro Vesely
About adding a nft rule to limit opensearch connections, jadhav vishwanath
Re: GUI Frontend for iptables and nftables Linux firewalls, Josef Vybíhal
How to match only one packet and no other subsequent new packets?, tabloid_scavenger345
Neighbour events for V6 deprecated addresses, Aparna Annapragada
Kprobe for nf_nat is broken in Latest Debian 6.1.66-1, P K
Vim Syntax Highlighting,
Aurel Wisse
Netfilter, IPVLAN, L3S and NAT64,
Rob Ert
Question about the man page,
Aurel Wisse
Re: Undelivered Mail Returned to Sender,
Zounp
tcpdump output changes after restarting nftable, You Yu Lu
nftables problem consultation,
ye4 yu3
[no subject], You Yu Lu
Unit dependency of network-pre.target in nftables.service,
You Yu Lu
Re: Unit dependency of network-pre.target in nftables.service, You Yu Lu
ipset hash:net,iface - can not add more than 64 interfaces,
Марк Коренберг
[nftables] Multiple reject withs in a single rule,
Edward Dickson
PSA: this list has moved to new vger infra (no action required), Konstantin Ryabitsev
nft ends with error,
Kamil Jońca
Performing NAT 1:1 without connection tracking,
Blažej Krajňák
nfqueue at postrouting hook does not work,
Nayan Gadre
Getting error "Error: missing hook and priority in flowtable declaration" in nftables 1.0.9,
Martin Gignac
[Index of Archives]
[Linux Netfilter Development]
[Advanced Routing & Traffice Control]
[Netem]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
[Linux Kernel Development]
