search for: nft_compat

...0960 3 iptable_filter,xt_string,ip_tables + nc -w10 example.com 80 + echo POST ``` The same issue has also been seen on the following 5.3.x hosts: OS: Debian Kernel: 5.3.0-2-amd64 lsmod | grep -e ipt -e nft | sort ---- nf_nat 49152 1 nft_chain_nat nfnetlink 16384 3 nft_compat,nf_tables nf_tables 163840 5 nft_compat,nft_counter,nft_chain_nat nft_chain_nat 16384 0 nft_compat 20480 3 nft_counter 16384 1 x_tables 49152 4 nft_compat,xt_LOG,xt_string,xt_tcpudp ---- nft ruleset: meta l4proto tcp tcp dport 80 # STR...

https://bugzilla.netfilter.org/show_bug.cgi?id=1290 Bug ID: 1290 Summary: ptables: nftables layer breaks ipsec/policy keyword Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: iptables over nftable

...nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_tables_set nft_chain_nat_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 nft_chain_route_ipv6 nft_chain_nat_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack nft_chain_route_ipv4 ip6_tables nft_compat ip_set nf_tables nfnetlink sunrpc bochs_drm drm_vram_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops drm i2c_piix4 pcspkr crct10dif_pclmul crc32_pclmul joydev ghash_clmulni_intel ip_tables xfs libcrc32c sd_mod sg ata_generic ata_piix virtio_net libata crc32c_intel net_failov...

...ion available. > Just to see if I understood this correctly > > > Not quite. iptables-nft uses the nft communications infrastructure to > > communicate with the kernel. It is still using the xtables kernel modules. > > Basically, there's an nft kernel module (called `nft_compat`) that receives > > messages from userspace and then hands them off to the appropriate iptables > > kernel module. > > This basically means, that right now 90% of my rules use the nft backend and > that one particular rule actually uses the old xtables backend? (with all >...

...nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct > nf_tables_set nft_chain_nat_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 > nf_nat_ipv6 nft_chain_route_ipv6 nft_chain_nat_ipv4 nf_conntrack_ipv4 > nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack nft_chain_route_ipv4 > ip6_tables nft_compat ip_set nf_tables nfnetlink sunrpc bochs_drm > drm_vram_helper ttm drm_kms_helper syscopyarea sysfillrect sysimgblt > fb_sys_fops drm i2c_piix4 pcspkr crct10dif_pclmul crc32_pclmul joydev > ghash_clmulni_intel ip_tables xfs libcrc32c sd_mod sg ata_generic ata_piix > virtio_net libata crc...

...diag tcp_diag inet_diag xt_mark xt_NFQUEUE nfnetlink_queue veth xt_nat nf_conntrack_netlink xfrm_user xfrm_algo xt_addrtype xt_conntrack br_netfilter overlay xt_CHECKSUM nft_chain_nat xt_MASQUERADE nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nft_counter vboxnetadp(OE) vboxnetflt(OE) xt_tcpudp nft_compat vboxdrv(OE) bridge stp llc nf_tables nfnetlink fuse uinput binfmt_misc intel_rapl_msr intel_rapl_common mei_wdt x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel iwldvm kvm mac80211 libarc4 snd_hda_codec_realtek snd_hda_codec_generic snd_hda_codec_hdmi iwlwifi irqbypass intel_cstate intel_un...