Linux Netfilter / IP Tables
[Prev Page][Next Page]
- Sets update,
Slavko
- syntax issues when reducing rules through grouping ?,
pgnd
- [ANNOUNCE] nftables 1.1.0 release, Pablo Neira Ayuso
- [ANNOUNCE] libnftnl 1.2.7 release, Phil Sutter
- Re: Regarding ulogd_output_SYSLOG.so, Harald Welte
- Transparent SNAT bridge with physdev module, Matt Ayre
- Understanding and debugging conntrack source code,
Kevin Johnson
- Does Nftables nft_fib check fib only in the main routing table?, Stanislav Tretyakov
- nftables rule optimization - evaluating efficiency,
William N.
- conntrackd: Trouble using multiple Accept addresses in kernel filter,
Yoann Congal
- subscribe, netfilter
- bidge not working. Missing rules?, Paulo Ricardo Bruck
- How to have a counter for vmap verdicts?,
William N.
- Writing own match module for modern ebtables.,
Pawel Kraszewski
- Problem with migration from iptables+ipset to nftables,
Aleksey Nikapli
- [ANNOUNCE] ipset 7.22 released, Jozsef Kadlecsik
- nftables rule where IPv6 source and destination addr are the same?,
William N.
- Cant get "tcp dport 22 @ih,0,32 0x5353482d" to work/match,
Pascal Ernster
- Problems understanding nftables part 2,
Wolfgang
ebtables rule rewriten to nft 'set host' does not work,
netfilter
Problems understanding nftables, Wolfgang
[wiki] typo in Nftables families, 谢致邦 (XIE Zhibang)
Using NAT engine information to apply fwmark to packet, Tobias Jakobi (Compleo)
connection refused from DNATted host,
Giovanni Biscuolo
nft not logging some layer 2 frames?,
Teodor Milkov
Clash Resolve Counter Increasing,
Tim Harman
Nftables rules for kernel threads (cifsd), Mikhail Morfikov
Kernel panic in nf_nat_setup_info, with re injected packet from libnfml,
shibu samuel
Sets nesting/reference? Complex concatenations in vmaps?,
William N.
Retrieve L2 header or MAR from packet, La Rus
IPv4 NAT and lo, and iptables,
imnozi
HW Offloading Mellanox ConnectX-6DX, Ritterhoff, Florian
How to have a dynamic ingress device(s) list?,
William N.
NFT: Drop to Docker bridge,
Alberto
[Thread split] nftables rule optimization - dropping invalid in ingress?,
William N.
Rewrite arp response with nft,
G H
How to measure/profile ruleset performance?,
William N.
DoS/DDoS protection for end nodes,
William N.
Combining/compacting 2 rules into 1,
William N.
NFQUEUE usage and interaction with later chain rules,
Athanasius
Using iptables and ipset to DROP a list of 2 million addresses,
Mason Kaufer
connlimit from wiki.nftables.org not working,
William N.
Correct way of setting the TCP max segment sizes for IPv4 and IPv6?,
William N.
Docker NFT rules conflict, Alberto
nftables: How to match ICMPv6 subtype in a rule?,
William N.
Rocky Linux 9 with firewalld and nftables always tracks connections,
Blaine Elzey
Mask as part of element in set,
Vlad Tsisyk
IP not banned in interval set,
List Support
Cannot get the correct IP version from packet,
Alessandro Vesely
SNI filtering,
Tim Lewis
nftables rate limiting per multiple seconds,
Sreedhar M
nft socket module,
Sreedhar M
snat with dynamic ip address,
Lars Noodén
Fwd: Defined parameters, Beewoolie
Fwd: Knocking example may not work?, Marc Singer
Ulogd2 Mysql KO, Yves Metivier
Question: How to pass Docker container traffic through iptables tproxy?, Morteza Behboodian
Nftables conntrack state matching JSON syntax, Mikołaj Pisula
nftables HOWto Wiki Question, David Hayward
nftables and RFC 7084 section-4.3 L-14, Martin Tonusoo
[ANNOUNCE] ipset 7.21 released, Jozsef Kadlecsik
Are there nft set limits?,
Xavier B.
What happens if the machine runs out of memory while adding new nftables sets atomically?,
Anton
[ANNOUNCE] ipset 7.20 released, Jozsef Kadlecsik
Is there an efficient way to delete multiple elements from a set?,
Anton
Analyzing firewall rules programmatically,
Timo Lindfors
Combine ipv4 and ipv6 in a set,
Daniel
Debugging libmnl client,
Alessandro Vesely
About adding a nft rule to limit opensearch connections, jadhav vishwanath
Re: GUI Frontend for iptables and nftables Linux firewalls, Josef Vybíhal
How to match only one packet and no other subsequent new packets?, tabloid_scavenger345
Neighbour events for V6 deprecated addresses, Aparna Annapragada
Kprobe for nf_nat is broken in Latest Debian 6.1.66-1, P K
Vim Syntax Highlighting,
Aurel Wisse
Netfilter, IPVLAN, L3S and NAT64,
Rob Ert
Question about the man page,
Aurel Wisse
Re: Undelivered Mail Returned to Sender,
Zounp
tcpdump output changes after restarting nftable, You Yu Lu
nftables problem consultation,
ye4 yu3
[no subject], You Yu Lu
Unit dependency of network-pre.target in nftables.service,
You Yu Lu
Re: Unit dependency of network-pre.target in nftables.service, You Yu Lu
ipset hash:net,iface - can not add more than 64 interfaces,
Марк Коренберг
[nftables] Multiple reject withs in a single rule,
Edward Dickson
PSA: this list has moved to new vger infra (no action required), Konstantin Ryabitsev
nft ends with error,
Kamil Jońca
Performing NAT 1:1 without connection tracking,
Blažej Krajňák
nfqueue at postrouting hook does not work,
Nayan Gadre
Getting error "Error: missing hook and priority in flowtable declaration" in nftables 1.0.9,
Martin Gignac
Optimize fails on a large ruleset,
Sixene
Re: Optimize fails on a large ruleset, A L
<Possible follow-ups>
Optimize fails on a large ruleset, sixene
[ANNOUNCE] Coreteam updates: Eric Leblond and Arturo Borrero enter emeritus status, Pablo Neira Ayuso
meta time/hour questions,
Brian Davidson
Problems getting started with dnat and port forwarding,
Rubén Méndez Hernández
nftables expressions and operators,
Aurel Wisse
Redirect doesn't do the job as dnat does,
Tech
ip6 dscp fails map lookup,
Brian Davidson
Help with debugging combination of tproxy and policy based routing,
niconorsk
meta time rules display after 00:00 UTC,
Brian Davidson
map problem with port range,
Daniel
arptables-nft and comments in nft output,
Valentijn Sessink
nftables / DHCP / NAT,
Volodymyr Litovka
Wiki Offline, Bradley Hook
Masquerading clients while trying to send traffic over ipsec tunnel, readme
[ANNOUNCE] nftables 1.0.9 release, Pablo Neira Ayuso
[nftables/nft] nft equivalent of "ipset test",
U.Mutlu
nf_nat_icmp_reply_translation dropped icmp redirect packet,
sun miller
Getting packet timestamps, Alessandro Vesely
[iptables/ipset] Bug? -m set --match-set myset src --packets-gt 2 -j ...,
U.Mutlu
Flowtables ignore timeout settings in recent kernels,
Vladimir Smelhaus
commit to kernel fails since Debian 12 (bookworm),
Markus Wigge
[libipset] How to read packet counter of a single item?,
U.Mutlu
Efficient and correct time based bandwidth monitoring,
Benno
[ANNOUNCE] iptables 1.8.10 release, Phil Sutter
Typo on 'Sets' wiki page,
Alasdair Muckart
Nftables matches IGMP packets as non-IP traffic,
Blažej Krajňák
doc suggestions, David Zych
Display Masquerade mappings,
Paul Crossley
number of elements in nftables set,
Pavel Kasparek
ipset swap to nftables set,
marek
[ANNOUNCE] conntrack-tools 1.4.8 release, Pablo Neira Ayuso
Detecting socks5 frames on server side,
List Support
Drop tcp close tcp, Louis R. Fasullo
[ANNOUNCE] ipset 7.19 released, Jozsef Kadlecsik
[PATCH] build: Fix double-prefix w/ pkgconfig,
Sam James
[ANNOUNCE] ipset 7.18 released,
Jozsef Kadlecsik
[ANNOUNCE] nftlb 1.0.9 release, Laura García Liébana
Re: BUG REPORT : [patch V2 0/4] net, refcount: Address dst_entry reference count scalability issues - rcuref_put_slowpath+0x5f, Martin Zaharinov
Could not load match [tcp udp conntrack] BPi R2-Pro Rockchip 3568, Household Cang
Is nftables thread safe?,
Wayne Bao
Presentation of a tool for firewall testing!, Abdul Pallarès Calvi
counter target,
Matt Zagrabelny
Fwd: question about using conntrack to change the mark,
Tony He
Why does the cgroup iptables extension not work generally with the INPUT chain?, Anselm Schüler
Extending an IPv4 filter to IPv6,
Alessandro Vesely
iptables cannot perform forwarding operations correctly, Hack3rcon
unable to start nftables,
François Patte
failing fail-over - commit still in progress,
Pierre-Philipp Braun
nft tproxy failed to redirect on one system,
Carl Lei
Iptables and DDoS attacks,
Hack3rcon
Incompatibility when use python3-nftables and iptables-nft,
Wayne Bao
Incomprehensible behavior,
toml
nftables 1.0.6: snat with maps,
Mucha Marcin, Sieciuch.com
nftables 1.0.6: snat with maps,
Mucha Marcin, Sieciuch.com
I need help about to rewrite some iptables rules, hack3rcon
Nftables + ALG + Linux 6.1.0-10-amd64 …?... is it a kown Problem?,
toml
converting iptables/ip6tables to efficient nftables rules,
Tim Mooney
ct state module issue,
Matt Zagrabelny
nftables 1.0.8 showing invalid type for ip dscp,
Brian Davidson
skb->mark not cleared for MLDv2 Reports? (skb->mark == 212 / 0xd4),
Linus Lüssing
[ANNOUNCE] nftables 1.0.8 release, Pablo Neira Ayuso
Ingress filter issue with pedit, R Keith Beal
[ANNOUNCE] libnftnl 1.2.6 release,
Pablo Neira Ayuso
Doubt on Iptables protocol extension, Nayan Gadre
pedit "pass" nonfunctional on ingress?, Dave Taht
Processing nftable rules without loading them into the kernel,
George Shuklin
input rule for "related" UDP traffic, Holzwarth Dominique
Best practices on iif usage at persistent ruleset,
Serg
iptables debian 11 package,
Matthew Ellquist
NAT to multiple ranges,
Dmitry
wiki documentation error,
Michael Deegan
Linux netfilter / iptables : How to enable iptables TRACE chain handling with nf_log_syslog on RHEL8+?,
Jason Vas Dias
ipset hash:net:port:net,
Марк Коренберг
Matching on protocols inside IPv6 IPSec AH (legacy vs nft),
Jacek Tomasiak
nft list sets changed behavior,
nft . ogxzcrqhuhgchbvxcs4j7wws
Modify packet without NAT,
public1020
Rule-based traffic/port mirroring, Sandip Gangakhedkar
HW Offload to Mellanox ConnectX-5, Wojciech Wrona
Resetting the timeout counter for a named set element?,
Lars Noodén
IPv4 Evil Bit,
Marek Küthe
nftables: How to stop further chain traversal after accept verdict,
Tushar Shinde
nftables 0.9.8 - unknown rule handle,
Daniel
nftables mark - tshark show [Frame is marked: False], Daniel
Filter access to user process sockets, Schewe, Jon RTX
Using netfilter to listen on events not working, Igor de Paula
[PATCH] netfilter: fix NULL pointer dereference in nf_confirm_cthelper, Tijs Van Buggenhout
Help use parsing to get a promiscuous level,
Igor de Paula
dst NETMAP,
Rob Hutton
How to configure "full cone" NAT using iptables,
Shane Wang
[Index of Archives]
[Linux Netfilter Development]
[Advanced Routing & Traffice Control]
[Netem]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
[Linux Kernel Development]