similar to: [ANNOUNCE]: Release of nftables 0.2

Hi! The Netfilter project proudly presents: nftables 0.7 This release contains many accumulated bug fixes and new features available up to the (upcoming) Linux 4.10-rc1 kernel release. * Facilitate migration from iptables to nftables: At compilation time, you have to pass this option. # ./configure --with-xtables And libxtables needs to be installed in your system. This allows

Hi! The Netfilter project proudly presents: nftables 0.4 This release contains a lot of bug fixes and new features contained up to the recent 3.18 kernel release (and some features coming up in the yet unreleased 3.19-rc). New features ============ * Add support for global ruleset operations (available since 3.18). Get rid of all tables, chains, and rules in one go: # nft

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

https://bugzilla.netfilter.org/show_bug.cgi?id=1206 Bug ID: 1206 Summary: segfault when snat map rule has been added Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi! The Netfilter project proudly presents: nftables 0.8 This release contains new features available up to the (upcoming) Linux 4.14 kernel release: * Support for stateful objects, these objects are uniquely identified by a user-defined name, you can refer to them from rules, and there is a well established interface to operate with them, eg. # nft add counter filter test

Hi! The Netfilter project proudly presents: nftables 0.9.4 This release contains fixes and new features available up to the Linux kernel 5.6 release. * Support for ranges in concatenations (requires Linux kernel >= 5.6), e.g. table ip foo { set whitelist { type ipv4_addr . ipv4_addr . inet_service flags interval

https://bugzilla.netfilter.org/show_bug.cgi?id=1210 Bug ID: 1210 Summary: nftables gets confused by user namespaces when meta skuid is used Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: critical Priority: P5 Component: nft

Il 17/04/20 11:01, Alessandro Baggi ha scritto: > Hi list, > > I'm studying nftables. I'm using CentOS 8.1 (Gnome) and I disabled > firewalld. I noticed that a default policy is created with tables and > chains probably for firewalld. > > So I created a .nft script where I stored my rules with a flush for > previous ruleset, then saved on

Hi! The Netfilter project proudly presents: nftables 0.6 This release contains many accumulated bug fixes and new features availale up to the Linux 4.7-rc1 kernel release. New features ============ * Rule replacement: You can replace any rule from the unique 64-bits handle. You have to retrieve the handle from the ruleset listing. # nft list ruleset -a table ip filter { chain

Hi list, I'm studying nftables. I'm using CentOS 8.1 (Gnome) and I disabled firewalld. I noticed that a default policy is created with tables and chains probably for firewalld. So I created a .nft script where I stored my rules with a flush for previous ruleset, then saved on /etc/sysconfig/nftables.conf and the enabled nftables service. Running the script with nft -f script.nft all

Hi! The Netfilter project proudly presents: nftables 1.1.0 ... after a release cycles of 8 months. This release contains mostly fixes, listed in no particular order: - Restore compatibility set element dump with <= 0.9.8 add element t s { 23 counter packets 10 bytes 20 timeout 10s } add element t s { 42 timeout 10s counter packets 10 bytes 20 } - Disallow ifname less than

https://bugzilla.netfilter.org/show_bug.cgi?id=1219 Bug ID: 1219 Summary: nftables prints the routing header type rules incorrectly Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft

I had the same problem. If you are not using virtual machines then # systemctl disable libvirtd works and is easily reversible. Alan On 18/04/2020 23:03, Alessandro Baggi wrote: > Il 17/04/20 11:01, Alessandro Baggi ha scritto: >> Hi list, >> >> I'm studying nftables. I'm using CentOS 8.1 (Gnome) and I disabled >> firewalld. I noticed that a default

https://bugzilla.netfilter.org/show_bug.cgi?id=1444 Bug ID: 1444 Summary: nftables-0.9.6 crashes on some set notations: Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org

Hi! The Netfilter project proudly presents: nftables 0.8.1 This release contains mostly incremental fixes and documentation updates, such as fixing up ./configure --with-mini-gmp for embedded setups that don't have libgmp. Deprecated syntax ================= This release deprecates the "flow table" syntax in favor of "meter" to address Netfilter's bugzilla

https://bugzilla.netfilter.org/show_bug.cgi?id=1382 Bug ID: 1382 Summary: nftables.py cmd leaking memory when ruleset contain mapping ip length to range with high limit 65535 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major

Hi! The Netfilter project proudly presents: nftables 0.9.5 This release contains fixes and new features available up to the Linux kernel 5.7 release. * Support for set counters: table ip x { set y { typeof ip saddr counter elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 } }

Hi! The Netfilter project presents: nftables 0.3 This release contains bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.15 kernel release. Syntax changes ============== * More compact syntax for the queue action, eg. nft add rule test input queue num 1 You can also express the multiqueue as a range, followed by options. nft add rule

Once upon a time, Jonathan Billings <billings at negate.org> said: > 'iptables' and 'nftables' are competing technologies. In CentOS 8, > firewalld's backend was switched from iptables to nftables. So it > would be expected that the iptables command wouldn't have any rules > defined, it isn't being used by firewalld. That is partially incorrect.

Hi! The Netfilter project proudly presents: nftables 0.9.7 This release contains fixes and new features available up to the Linux kernel 5.10-rc1 release. * Support for implicit chain, e.g. table inet x { chain y { type filter hook input priority 0; tcp dport 22 jump { ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 }