search for: nftable

https://bugzilla.netfilter.org/show_bug.cgi?id=1763 Bug ID: 1763 Summary: Segfault when resetting rules with meta l4proto { tcp, udp } Product: nftables Version: 1.0.x Hardware: x86_64 OS: Ubuntu Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: sly at covertlabs.org Running into a segfault on version...

Despite that the migration of our applications comes with a significant workload. It seems that also every aspect of common services had changed with EL8. In EL8 firewalld uses nftables as backend. I wonder why iptables does not list any rules while also configured to use nftables as backend. # iptables -V iptables v1.8.2 (nf_tables) # firewall-cmd --list-all |egrep -o '22|ssh' ssh # nft list ruleset | egrep -o '22|ssh' ssh # iptables -L -n | egrep -o '2...

Once upon a time, Jonathan Billings <billings at negate.org> said: > 'iptables' and 'nftables' are competing technologies. In CentOS 8, > firewalld's backend was switched from iptables to nftables. So it > would be expected that the iptables command wouldn't have any rules > defined, it isn't being used by firewalld. That is partially incorrect. While iptables...

Hi everyone, I use Debian 9.5 Stretch and NFTABLES as a firewall. Using NFTABLES together with IPTABLES is not recommended, but libvirt depends on IPTABLES. Is it safe to run libvirt + kvm + virsh without IPTABLES? By the doc https://libvirt.org/firewall.html, IPTABLES are used for settingup filtering which I do not need. Thanks, Roman

https://bugzilla.netfilter.org/show_bug.cgi?id=1365 Bug ID: 1365 Summary: nft crashes in chain_print_declaration() Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: slyfox at inbox.ru Here is the minimal crash reproduc...

Hi! The Netfilter project proudly presents: nftables 0.8.2 This release fixes ./configure --with-xtables that enables interaction between iptables-compat [1] and nft, and it also includes a bunch of documentation updates. This release introduces a new explicit option for interval sets, that enables auto-merge of adjacent/overlapping elements when...

https://bugzilla.netfilter.org/show_bug.cgi?id=1061 Bug ID: 1061 Summary: net-firewall/nftables-0.5-r2: limit rate: burst parameter doesn't work Product: nftables Version: unspecified Hardware: x86_64 URL: http://wiki.nftables.org/wiki-nftables/index.php/Rate_ limiting_matchings OS: Gen...

On 10/18/2018 10:14 AM, Daniel P. Berrangé wrote: > On Wed, Oct 17, 2018 at 05:57:11PM +0200, Roman Vesely wrote: >> Hi everyone, >> >> I use Debian 9.5 Stretch and NFTABLES as a firewall. >> Using NFTABLES together with IPTABLES is not recommended, >> but libvirt depends on IPTABLES. >> >> Is it safe to run libvirt + kvm + virsh without IPTABLES? >> >> By the doc https://libvirt.org/firewall.html, >> IPTABLES are used for se...

https://bugzilla.netfilter.org/show_bug.cgi?id=1175 Bug ID: 1175 Summary: Document limitations on identifier names Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: netfilter at allycomm.com I understand that some of the f...

https://bugzilla.netfilter.org/show_bug.cgi?id=1099 Bug ID: 1099 Summary: Minor typo in wiki.nftables.org Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: trivial Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: phil at nwl.cc Ther...

Hi list, I'm studying nftables. I'm using CentOS 8.1 (Gnome) and I disabled firewalld. I noticed that a default policy is created with tables and chains probably for firewalld. So I created a .nft script where I stored my rules with a flush for previous ruleset, then saved on /etc/sysconfig/nftables.conf and the enable...

The netfilter project presents: nftables 0.2 This release contains a rather large number of bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.14 kernel release as well as *drumroll* documentation. Syntax changes ============== * More consistency in data type names Data type names are...

Hi! The Netfilter project presents: nftables 0.3 This release contains bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.15 kernel release. Syntax changes ============== * More compact syntax for the queue action, eg. nft add rule test input queue num 1 You can also express the multiqueue...

https://bugzilla.netfilter.org/show_bug.cgi?id=1359 Bug ID: 1359 Summary: nft 0.9.1 - table family inet, chain type nat, fails to auto-load modules Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: james at nurealm.net Arch Linux linux 5.2.5.arch1-1...

https://bugzilla.netfilter.org/show_bug.cgi?id=1255 Bug ID: 1255 Summary: nftables SNAT is not working Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: kernel Assignee: pablo at netfilter.org Reporter: bel...

https://bugzilla.netfilter.org/show_bug.cgi?id=1086 Bug ID: 1086 Summary: Nftables matching packet header fields and unexpected '(': wrong wiki info or bug? Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P...

https://bugzilla.netfilter.org/show_bug.cgi?id=1386 Bug ID: 1386 Summary: nftables.py cmd doesn't read updated counter values after first read Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority: P5 Component: nft...

https://bugzilla.netfilter.org/show_bug.cgi?id=1176 Bug ID: 1176 Summary: Invalid identifiers produce unhelpful error messages Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: netfilter at allycomm.com If an identifier (at least f...

On Wed, Oct 17, 2018 at 05:57:11PM +0200, Roman Vesely wrote: > Hi everyone, > > I use Debian 9.5 Stretch and NFTABLES as a firewall. > Using NFTABLES together with IPTABLES is not recommended, > but libvirt depends on IPTABLES. > > Is it safe to run libvirt + kvm + virsh without IPTABLES? > > By the doc https://libvirt.org/firewall.html, > IPTABLES are used for settingup filtering which I d...

https://bugzilla.netfilter.org/show_bug.cgi?id=1219 Bug ID: 1219 Summary: nftables prints the routing header type rules incorrectly Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assigne...