Linux Netfilter / IP Tables
[Prev Page][Next Page]
- Re: Reload IPtables, (continued)
Problem when routing UDP port 53, Pierre Couderc
Legacy?,
slow_speed
Rules,
slow_speed
How to rewrite dest.IP of UDP packets, cloned by TEE target?, Thomas Conrath
Question regarding licensing terms and compliance, 洪湘晴
nftables CONFIG_NFT_OBJREF "ct helper set", Stefan Hartmann
#netfilter IRC channel now on libera.chat, Arturo Borrero Gonzalez
[ANNOUNCE] nftables 0.9.9 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.2.0 release, Pablo Neira Ayuso
libnetfilter_conntrack: ABI breakage error,
Psyspy 22
Possible to load balance (nftlb) mostly NFS traffic with important connections?,
Carsten Aulbert
Running an active/active firewall/router (xt_cluster?),
Oliver Freyermuth
Re: Running an active/active firewall/router (xt_cluster?), Pablo Neira Ayuso
Forcing SNAT to preserve the original source port, Carsten
wiki.nftables.org down,
Frank Myhr
Commas or Spaces?,
slow_speed
nf does not DNAT, but also does not not-NAT, Przemysław Kowalczyk
nftables equivalent for iptable rules.,
R C
Why is it impossible to DNAT 127.0.0.0/8?,
Quentin, Lars
Flowtable with ppp/bridge,
Frank Wunderlich
nftables auto-merge on combined sets,
Frömmel, Christian
conntrackd inverted NAT address, endianness issue?,
Tao Gong
nftables support for cgroup v2 filtering by path,
Yves Perrenoud
nftables port forward on DHCP interface to static IP,
Pekka Järvinen
Fail-closed option? (Make all policies "drop" by default for newly created namespaces),
mose
ebtables rules for specific bridge, Ian Pilcher
device list reversed,
Frank Wunderlich
List and reimport Ruleset fails with "Error: transport protocol mapping is only valid after transport protocol match",
Henning Reich
nftables "stateful object" nomenclature,
Frank Myhr
SNAT/Masquerade not modifying the Source IP randomly, Pavan Amancherla
nft show counter,
Frank Wunderlich
bridge-nf-call-iptables: checking bridge vs. IP context?,
Linus Lüssing
Creating named set,
paul.guijt
Script to manage a simple DynDNS whitelist based firewall using nftables, etkaar
hw flow offload - nft crosscompile,
Frank Wunderlich
Startup script for ssdp helper app, Budge
nfqueue ethernet packet frame capture,
ilker
How to troubleshoot (suspected) flowtable lockups/packet drops?,
Martin Gignac
How to concatenate subnet with port in a set?,
etkaar
wiki.nftables.org Certificate expired,
Philipp Rintz
Traffic drops when using flow offload for nftables based NAT,
tech
[HEADS UP] bugzilla.netfilter.org is under maintainance,
Pablo Neira Ayuso
IP MASQUERADE isn't working properly, Ameen Al-Azzawi
when will nftables have ability to delete matching rule like iptables?,
Amish
nftables carefully open the related-flow: ct state related ct helper "ftp-21" ...,
Stefan Hartmann
nft_set_type, Frank Myhr
Matching l3mdev output interface in snat,
Daniele Orlandi
iptables masquerade source ip selection issue, Derrick Lim
'Did not kill' written out when redirecting 'nft list ruleset' in 0.9.8,
Martin Gignac
[ANNOUNCE] ipset 7.11 released, Jozsef Kadlecsik
libnetfilter_queue : Parsing payload,
Psyspy 22
libnetfilter_queue example, Psyspy 22
iptables-nft: masquerade choosing wrong source ip on lo, Etienne Champetier
Wildcards / large ranges in concatenations,
Frank Myhr
Initial loading of ruleset slower than subsequent tries, Martin Bochenek
traffic shaping with tc on Linux 5.4.x,
Lars Noodén
Incoming Connections with IPv6 NETMAP for Multiple ISPs Only Work for 1 ISP at a time., Adam Goldberg
Constraints on nft expressions and statements in inet ingress chains,
Frank Myhr
Unable to create a chain called "trace",
Martin Gignac
Where is the ICMP *type* information in nft 0.9.8 trace output?,
Martin Gignac
FTP behind NAT on a non-standard port,
mikhalich123
nftables typeof concatenation support for vmap?,
Frank Myhr
[ERROR] inject-add2: File exists / [ERROR] inject-upd2: Device or resource busy, Bernd Naumann
parser problem in range map?,
Andreas Schultz
libnetfilter_queue needs libnfnetlink?, Psyspy 22
Use case of nftables + Linux combination as network firewall,
Younwook Jang
Migrate ipsets to nftables,
Nikolai Lusan
where in kernel is conntrack-matching done?, linux-netfilter-list
[ANNOUNCE] iptables 1.8.7 release, Phil Sutter
[ANNOUNCE] nftables 0.9.8 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.9 release, Pablo Neira Ayuso
nftables: counters in sets missing from nft --json output, Julian Somers
NFULNL_CFG_F_CONNTRACK and IPv6,
Rafael David Tinoco
Matching streaming services,
Nikolai Lusan
nftables with dinamic ip6,
Paulo Ricardo Bruck
BUG: IPv4 conntrack reassembles forwarded packets, Christian Perle
How to edit nftables wiki pages?,
Jay Tuckey
[PATCH libnetfilter_conntrack] examples: check return value of nfct_nlmsg_build(), Eyal Birger
Correction to nftables wiki,
Brian Pond
[ANNOUNCE] ipset 7.10 released, Jozsef Kadlecsik
First packet NAT flow,
Rafael Ganascim
nftables Set Bug with interval & timeout Flags,
Mike Dillinger
Flowtable in a load balancer, Eliezer Croitor
Assistance to troubleshoot nf_nat bug, Mathew Heard
NAT table seems to be skipped for TCP traffic,
Nicholas Amon
[FYI] summary of Netfilter workshop 2020 virtual, Arturo Borrero Gonzalez
FTFW with multicast not working properly,
Jean-Sébastien Frerot
Re: How to Unblock IP Address of Email Client in Linux iptables Firewall in Linux Mail Server, G.W. Haywood
nftables "meta priority set" not working,
Daniel Lakeland
mistakes on wiki,
bbmt
FYI - how to use libnftables in python,
Arturo Borrero Gonzalez
[ANNOUNCE] ipset 7.8 released,
Jozsef Kadlecsik
[nftables] cross compiling for arm-linux-gnueabihf?,
ѽ҉ᶬḳ℠
[nftables] frame rate limiting per day/minute not working (bug ?),
ѽ҉ᶬḳ℠
[nftables] frame rate limiting clashing with log rate limiting (bug ?), ѽ҉ᶬḳ℠
Filtering and counting traffic based on the ethernet address, Jonathan Horn
vmap declaration style, Kyle Rose
connlimit allows more established conns than the limit set,
Hildegard Meier
Ethernet headers in pcap files generated by ulogd2, Ririsoft
How to update timeout of a map element?, Piotr Jurkiewicz
IP MASQUERADE isn't being applied on all outgoing packets., Ameen Al-Azzawi
Pure iptables solution for DNS/socks5/http forwarding/transparent proxy in docker environment., Hongyi Zhao
Use the socks5 proxy sever running in the host network from the docker container.,
Hongyi Zhao
[ANNOUNCE] iptables 1.8.6 release, Phil Sutter
nftable rule for VRRP traffic,
Wang, Lihua
Wiki inaccuracy regarding the 'redirect' statement,
dirdi
[ANNOUNCE] nftables 0.9.7 release, Pablo Neira Ayuso
[ANNOUNCE] libnftnl 1.1.8 release, Pablo Neira Ayuso
[UPDATES] Renewing Netfilter coreteam PGP keys, Pablo Neira Ayuso
nftables iifname and currently unknown interfaces,
Robert Sander
cannot use != with ct status,
Ramsay, Lincoln
[nftables] Log to DNAT rule,
Alberto
Newbie: IPv6 equivalent of 192.168.178.0/24,
paul.guijt
ulogd2 Error while running, Amiq Nahas
[nftables] frame logging with vmap?, ѽ҉ᶬḳ℠
[nftables] granular rule for combined tcp & udp sports?,
ѽ҉ᶬḳ℠
Re: [nftables] granular rule for combined tcp & udp sports?, Pablo Neira Ayuso
stress testing 40Gbps linux bridge with Mpps - is HFSC a bottleneck?, kaskada
end iptables support,
Emilio Augusto Lazo Zaia
nftables cgroup accounting problem,
azurit
[nftables] multi-level rate limiting with dynamic set, ѽ҉ᶬḳ℠
Redirect traffic to openvpn (client),
Alberto
[nftables] icmp type rate limiting - cumulative for the daddr or selectively per saddr?,
ѽ҉ᶬḳ℠
NFTables: Can not add logs,
Andreas Hoefler
[nftables] packet (filtering) flow NIC vs. PPPoE?,
ѽ҉ᶬḳ℠
Compiling nft-0.9.6,
Rob Sterenborg (Lists)
rate limit SIP INVITES,
sean darcy
[nftables] sets update concatenation?,
ѽ҉ᶬḳ℠
[nftables] log flood protection?,
ѽ҉ᶬḳ℠
Surprising CONNMARK behaviors,
Glen Huang
Rule Count limit,
Jevin Gala
nftables: Define variable with IPv6 suffix match in nft script, Fred F
[nftables] possible to utilise sets across different tables?,
ѽ҉ᶬḳ℠
[nftables] netdev rate limiting | timeouts rfq,
ѽ҉ᶬḳ℠
Howto 2 ipv6 nets, one through ipv4 tun vpn,
Daniel
HELP rules nftables conntrack works,
Luis Mario Niedas Hernández
nft snat with maps for port ranges?,
Jacek Kowalski
No interval possible on Concatenation-Sets,
Siebzehn
Error adding a DNAT rule,
vikaig
Is the concept of BROUTING deprecated and what is the modern alternative?, Pyry Kontio
Filter based on string (or other content),
K. de Jong
nftable - set in diffrent file, Siebzehn
nftable with sets in diffrent files, Siebzehn
synproxy with NAT, Devin Bayer
meter directive,
Devin Bayer
<Possible follow-ups>
Re: meter directive, Eric Peterson
Failing to construct a 'set' for TCP Flag filtering.,
Chris Hall
Nftables rules change when network interfaces disappear,
Mikhail Morfikov
netfilter_queue tutorial,
Tomasz W
inserting rule at the top of the chain using libnftnl, JM
integrating netfilter_queue, Tomasz W
nftables destination ip rewrite - checksum recalculation,
Greenberg, Paul
Nftables src NAT with port range allocation,
Joshua Moore
nftables map with numgen type, not sure if it was implemented?,
Eliezer Croitor
How deactivate a rule using nft cli?,
Luis Mario Niedas Hernández
Multiple labels with connlabel,
Amiq Nahas
Load Balancing WAN connections with nftables, Eliezer Croitor
Explanation of 2 Rules,
Thomas Luening
Use ipset and conntrack with nftables,
Amiq Nahas
Issue migrating "iptables -m socket --transparent" into nftables,
Nirgal Vourgère
Grammar in a bash script,
Mario V Guenzi
error using variable for network device name in 'hook ingress device $external_interface',
Grant C
50k rules and performance issue in nft list table AND iptables-nft,
Ricardo Katz
Nftables 2 WAN,
Daniel
Is it possible to change a chains default policy when rules are already present?,
Andreas Hoefler
ingress hook on interface with multiple addresses ?,
sean darcy
Correct syntax for dnat in inet table?,
Frank-Ulrich Sommer
nft arp, Dennis G
iptables: Log dropped packages due to missing ports when using masquerading,
Janosch Maier
usings sets as input to sets,
harald
iptables by cgroup path no longer works after starting Docker or KVM, Outvi V
No packets appear in ulogd.log, Austin Chamberlin
not able to set ct state rule,
Andreas Hoefler
Raw table on NFT, Cristian Cardoso
sets must have more than 2 elements , and can't "include" a set, sean darcy
Plan B on BCP-38 implementation in NFTABLES, Stephen Satchell
nftables: masquerading not applied consistently,
Thilo-Alexander Ginkel
nftables: Set Elements Listing: One Per Line, Mike Dillinger
nftables: Counters Not Working with Sets of Type Interval,
Mike Dillinger
iptables-nft and unsused default chains, Reindl Harald
IP masquerading not applied in TCP retransmission packets,
Aleksander Morgado
iptables-nft replacement for /proc/net/ip_tables_names,
Reindl Harald
libnftnl vlan type filter,
Andreas Hoefler
Moving from ipset to nftables: Sets not ready for prime time yet?,
Timo Sigurdsson
[Index of Archives]
[Linux Netfilter Development]
[Advanced Routing & Traffice Control]
[Netem]
[Berkeley Packet Filter]
[Bugtraq]
[Yosemite Discussion]
[Linux Kernel Development]
