similar to: [Bug 1222] New: nft list ruleset – infinite memory use

https://bugzilla.netfilter.org/show_bug.cgi?id=1406 Bug ID: 1406 Summary: nft dies with an assertion of consumed > 0 Product: nftables Version: unspecified Hardware: x86_64 OS: Gentoo Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=935 Summary: Frag: problem with frag-off Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft AssignedTo: pablo at netfilter.org ReportedBy: anarey at

https://bugzilla.netfilter.org/show_bug.cgi?id=936 Summary: frag: "more-fragments" and "reserved" are not identified by nftables Product: nftables Version: unspecified Platform: x86_64 OS/Version: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.netfilter.org/show_bug.cgi?id=1330 Bug ID: 1330 Summary: Parse error for importing set with netmask Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: major Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.netfilter.org/show_bug.cgi?id=1429 Bug ID: 1429 Summary: Empty file in source directory - 'netlink_delinearize.' Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: trivial Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1195 Bug ID: 1195 Summary: 'list ruleset' of 'nft -f' outputs garbage while 'nft list ruleset' seems to work. Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement

Hi! The Netfilter project proudly presents: nftables 0.5 This release contains bug fixes and new features contained up to the 4.2 kernel release. New features ============ * Concatenations: You can combine two or more selectors to build a tuple, then use it to look up for a matching in sets, eg. % nft add rule ip filter input ip saddr . tcp dport { \ 1.1.1.1 . 22 , \

Hello all, As I have promised I am sending my QoS rules. This now works fine with u32 classifier (and parent 1:0 that I could not understand why it did not worked well before). Att, Nataniel Klug ------------------------ #!/bin/sh #------ # Script de QoS Cyber Nett #------ # Nataniel Klug # suporte@cnett.com.br #------ TC="/sbin/tc" IPT="/usr/local/sbin/iptables"

Hello list, I installed a box recently and updated it to 8.3-PRERELEASE on 2012/04/11 I'm experiencing this extremely weird behavior where PF refuses to load standard and const table definitions from the main ruleset. - persist tables load just fine - normal and const tables inside anchors load just fine Does anyone else have the same problem ? I'll try to update the kernel again,

http://bugzilla.netfilter.org/show_bug.cgi?id=580 Summary: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1

https://bugzilla.netfilter.org/show_bug.cgi?id=580 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |netfilter at linuxace.com Resolution|

https://bugzilla.netfilter.org/show_bug.cgi?id=580 Jan Engelhardt <jengelh at medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #4 from Jan Engelhardt <jengelh at

https://bugzilla.netfilter.org/show_bug.cgi?id=580 --- Comment #5 from Phil Oester <netfilter at linuxace.com> 2013-06-24 20:07:02 CEST --- Unclear how you can say with certainty that this is impossible, but let's ignore that point for the moment. Is there some reason that iptables-save should do the sorting for userspace scripts? Another alternative would be to always load the

https://bugzilla.netfilter.org/show_bug.cgi?id=580 --- Comment #6 from Jan Engelhardt <jengelh at medozas.de> 2013-06-24 20:32:22 CEST --- >Unclear how you can say with certainty that this is impossible Right now, tables are output in permutations that are considered to be random. (Sure there is module load order, but that is not documented, nor is it actually a usable assumption for

https://bugzilla.netfilter.org/show_bug.cgi?id=580 --- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-06-24 23:34:51 CEST --- > would you be thrilled if all the rules were in random order too? This comparison is a bit far fetched, given that ordering of rules is so important (accept before drop, etc). The order in which tables are output in iptables-save is largely

https://bugzilla.netfilter.org/show_bug.cgi?id=580 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jengelh at medozas.de |netfilter-buglog at lists.netf | |ilter.org -- Configure

https://bugzilla.netfilter.org/show_bug.cgi?id=1781 Bug ID: 1781 Summary: Optimisation fails for raw payload expressions in a valid ruleset Product: nftables Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: nft

https://bugzilla.netfilter.org/show_bug.cgi?id=1349 Bug ID: 1349 Summary: "nft list ruleset" shows rules twice Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

Hi, after I saw that my machine was having problems to forward more than 200 Mbit/s, I decided to profile the kernel and find out the hotspots. This is what I found: [...] 1028 bridge.ko __br_forward 1033 bridge.ko br_nf_forward_finish 1074 bridge.ko ip_sabotage_in 1119 ebtable_filter.ko ebt_hook 1177 sky2.ko

https://bugzilla.netfilter.org/show_bug.cgi?id=1477 Bug ID: 1477 Summary: Unable to use saved ruleset when using dynamic sets Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at