similar to: [ANNOUNCE] nftables 0.3 release

The netfilter project presents: nftables 0.2 This release contains a rather large number of bug fixes, syntax cleanups, new features, support for all new features contained in the recent 3.14 kernel release as well as *drumroll* documentation. Syntax changes ============== * More consistency in data type names Data type names are used in set declarations. All address related types now

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

Hi! The Netfilter project proudly presents: nftables 0.9.4 This release contains fixes and new features available up to the Linux kernel 5.6 release. * Support for ranges in concatenations (requires Linux kernel >= 5.6), e.g. table ip foo { set whitelist { type ipv4_addr . ipv4_addr . inet_service flags interval

Hi! The Netfilter project proudly presents: nftables 0.6 This release contains many accumulated bug fixes and new features availale up to the Linux 4.7-rc1 kernel release. New features ============ * Rule replacement: You can replace any rule from the unique 64-bits handle. You have to retrieve the handle from the ruleset listing. # nft list ruleset -a table ip filter { chain

Hi! The Netfilter project proudly presents: nftables 0.9.5 This release contains fixes and new features available up to the Linux kernel 5.7 release. * Support for set counters: table ip x { set y { typeof ip saddr counter elements = { 192.168.10.35, 192.168.10.101, 192.168.10.135 } }

Hi! The Netfilter project proudly presents: nftables 0.9.7 This release contains fixes and new features available up to the Linux kernel 5.10-rc1 release. * Support for implicit chain, e.g. table inet x { chain y { type filter hook input priority 0; tcp dport 22 jump { ip saddr { 127.0.0.0/8, 172.23.0.0/16, 192.168.13.0/24 }

Hi! The Netfilter project proudly presents: nftables 0.8.2 This release fixes ./configure --with-xtables that enables interaction between iptables-compat [1] and nft, and it also includes a bunch of documentation updates. This release introduces a new explicit option for interval sets, that enables auto-merge of adjacent/overlapping elements when adding them to the set, eg. table

Hi! The Netfilter project proudly presents: nftables 0.8.1 This release contains mostly incremental fixes and documentation updates, such as fixing up ./configure --with-mini-gmp for embedded setups that don't have libgmp. Deprecated syntax ================= This release deprecates the "flow table" syntax in favor of "meter" to address Netfilter's bugzilla

Hi! The Netfilter project proudly presents: nftables 0.4 This release contains a lot of bug fixes and new features contained up to the recent 3.18 kernel release (and some features coming up in the yet unreleased 3.19-rc). New features ============ * Add support for global ruleset operations (available since 3.18). Get rid of all tables, chains, and rules in one go: # nft

Hi! The Netfilter project proudly presents: nftables 0.7 This release contains many accumulated bug fixes and new features available up to the (upcoming) Linux 4.10-rc1 kernel release. * Facilitate migration from iptables to nftables: At compilation time, you have to pass this option. # ./configure --with-xtables And libxtables needs to be installed in your system. This allows

Hi! The Netfilter project proudly presents: nftables 0.9.6 This release fixes vmap support which broke in 0.9.5. You can download this new release from: https://www.netfilter.org/projects/nftables/downloads.html#nftables-0.9.6 https://www.netfilter.org/pub/nftables/ To build the code, libnftnl 1.1.7 and libmnl >= 1.0.4 are required: *

https://bugzilla.netfilter.org/show_bug.cgi?id=1744 Bug ID: 1744 Summary: Packet corruption occurs when using the nftables vlan pcp set command Product: nftables Version: 1.0.x Hardware: arm OS: All Status: NEW Severity: major Priority: P5 Component: kernel

https://bugzilla.netfilter.org/show_bug.cgi?id=936 Summary: frag: "more-fragments" and "reserved" are not identified by nftables Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.netfilter.org/show_bug.cgi?id=1061 Bug ID: 1061 Summary: net-firewall/nftables-0.5-r2: limit rate: burst parameter doesn't work Product: nftables Version: unspecified Hardware: x86_64 URL: http://wiki.nftables.org/wiki-nftables/index.php/Rate_ limiting_matchings

https://bugzilla.netfilter.org/show_bug.cgi?id=1226 Bug ID: 1226 Summary: Segmentation fault when printing a rule checking byte zero of NFT_PAYLOAD_LL_HEADER Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5

https://bugzilla.netfilter.org/show_bug.cgi?id=1071 Bug ID: 1071 Summary: nftables: set does not work within inet table with option flags interval Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft

Hi! The Netfilter project proudly presents: nftables 0.8 This release contains new features available up to the (upcoming) Linux 4.14 kernel release: * Support for stateful objects, these objects are uniquely identified by a user-defined name, you can refer to them from rules, and there is a well established interface to operate with them, eg. # nft add counter filter test

https://bugzilla.netfilter.org/show_bug.cgi?id=1215 Bug ID: 1215 Summary: nft -c "" segfaults Product: nftables Version: unspecified Hardware: x86_64 OS: other Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1650 --- Comment #5 from Wang Jian <larkwang at gmail.com> --- > > This internal:0:0-0 is incorrect error reporting. > > Could you run nftables with git HEAD? It contains this fix: > > commit 5e39a34b196d68b803911aa13066fef2f83dc98c > Author: Pablo Neira Ayuso <pablo at netfilter.org> > Date: Mon Mar 27 16:36:31

https://bugzilla.netfilter.org/show_bug.cgi?id=914 Summary: nft configure does not use --prefix as include/lib search path Product: nftables Version: unspecified Platform: x86_64 OS/Version: All Status: NEW Severity: enhancement Priority: P5 Component: nft AssignedTo: pablo at